What are the ports I should leave open on my new server?

albertg

Well-Known Member
PartnerNOC
Sep 4, 2002
I am trying to set up a server to be as secure as possible. Can someone tell me which ports I should leave open, and only those?
(The fewer the better, but the main services have to work.)

I am using cPanel / WHM:)
 

CGarson

Well-Known Member
Jul 29, 2002
2082 - cpanel
2086 - whm
25 - smtp
110 - pop
143 - imap
22 - ssh
443 - ssl
2087 - ssl whm
2095 - webmail
2083 - ssl cpanel
2096 - ssl webmail
3306 - mysql
21 - ftp
53 - dns

Maybe more, but that's all I can think of right now.
 

bdraco

Guest
Originally posted by CGarson:

2082 - cpanel
2086 - whm
25 - smtp
110 - pop
143 - imap
22 - ssh
443 - ssl
2087 - ssl whm
2095 - webmail
2083 - ssl cpanel
2096 - ssl webmail
3306 - mysql
21 - ftp
53 - dns

Maybe more, but that's all I can think of right now.

2080-2099
 

CGarson

Well-Known Member
Jul 29, 2002
6667 is IRC chat; I don't think you want this one open. I don't think FTP needs port 20.
 

ozzi4648

Guest
Originally posted by CGarson:

6667 is IRC chat; I don't think you want this one open. I don't think FTP needs port 20.

Port 20 should be left open if Passive FTP is to be used on your server:p
 

Haddy

Registered
Nov 1, 2002
How would you close these ports?
 

maverick

Well-Known Member
Jan 6, 2003
I'd like to know how to do this too. What program do you use to do this?

Mav.
 

casey

Well-Known Member
Jan 17, 2003
You'll need 5100 for ASP, and apparently 8080 and 8443 for JSP if you use them.
 

mitul

Well-Known Member
Feb 8, 2003
List of ports used by cpanel

21 ---> FTP ---> TCP
22 ---> SSH ---> TCP
25 ---> SMTP ---> TCP
53 ---> DNS ---> TCP & UDP
80 ---> HTTP ---> TCP
110 ---> POP3 ---> TCP
143 ---> IMAP ---> TCP
443 ---> HTTPS ---> TCP
465 ---> sSMTP ---> TCP
993 ---> sIMAP ---> TCP
995 ---> sPOP3 ---> TCP
2082 ---> cPanel ---> TCP
2083 ---> secure cPanel ---> TCP
2086 ---> WHM ---> TCP
2087 ---> secure WHM ---> TCP
2095 ---> WebMail ---> TCP
2096 ---> secure WebMail ---> TCP
3306 ---> MySQL ---> TCP
6666 ---> Melange ---> TCP
7786 ---> Ichange ---> TCP
 

wlandung

Registered
May 16, 2003
webhost backup

Hi..,

I put a firewall on the box. Then I tried to use WHM, adding accounts etc., and everything seemed to be all right because the changes were made in the /home directory.
But when it came to configuring backups, WHM said the configuration had been saved as daily. I waited until the next day, but no backup was made.
I asked the support guys and they said that perhaps the firewall had blocked the backup script.

So the question is: which port do the backup scripts use?
The ports you listed here are already open, because I can access WHM and the other WHM functions seem normal (I can add accounts through WHM)...
Only the backup scripts seem to be having a problem...

Can somebody help me?

wahyu
 

trakwebster

Well-Known Member
Jan 29, 2003
Let us suppose, for a moment, that this thread contains a workable list of the ports to keep open.

The question was asked earlier, and I'd like to ask it again ...

What is the best method of closing unneeded ports?

(For those of us not running Bastille.)

And, in some cases, would it be even more useful to uninstall certain unneeded programs?
 

claudio

Well-Known Member
Jul 31, 2004
Disable Unnecessary Ports :)

First backup the file that contains your list of ports with:

cp /etc/services /etc/services.original

Now configure /etc/services so that it only has the ports you need in it. This will match the ports enabled in your firewall.

Additional ports are controlled by /etc/rpc. These aren't generally needed, so get shot of that file with: mv /etc/rpc /etc/rpc-moved


But now another question: after all that, should we reboot the machine for these changes to take effect?

How can we be sure it worked?

Regards to all

Claudio
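Two questions in this thread are still open: trakwebster's "what is the best method of closing unneeded ports, and would it be more useful to uninstall certain programs", and Claudio's "how can we be sure it worked". The script below is an added example written for this page, not posted by anyone in the thread. It reads the sockets that are actually in LISTEN state (from `ss -Hltnp`, which also names the owning process, so it tells you which daemon to stop or uninstall), ignores anything bound only to loopback, and flags every remaining port that is not on the allowlist. The ALLOWED list is taken from the ports agreed above; the SAMPLE block is constructed output used so the script runs offline. A port whose daemon has been stopped or removed drops out of this list; a port that is merely filtered by the firewall still shows here, so check the firewall rules (`iptables -L -n`) as a separate step.

```shell
#!/bin/sh
# Added example (not from the thread): list sockets in LISTEN state that are
# reachable from the network and not on an allowlist, so you can see whether a
# "closed" port is really gone. Input is `ss -Hltnp` output (iproute2); the
# constructed SAMPLE below stands in for a live run.

# TCP ports the thread agrees a cPanel/WHM box needs (edit to match your firewall).
ALLOWED="21 22 25 53 80 110 143 443 465 993 995 2082 2083 2086 2087 2095 2096"

# Constructed sample of `ss -Hltnp` output, one listener per line.
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("httpd",pid=1201,fd=4))
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=990,fd=20))
LISTEN 0 128 [::]:6667 [::]:* users:(("ircd",pid=2231,fd=5))
LISTEN 0 128 *:2082 *:* users:(("cpsrvd",pid=1400,fd=6))'

# Read ss lines on stdin, print "port process" for every listener that is not
# bound to loopback. Loopback-only services (MySQL above) need no firewall hole.
listeners() {
    awk '{
        n = split($4, a, ":"); port = a[n]
        if (a[1] ~ /^127\./ || $4 ~ /^\[::1\]/) next
        proc = "?"
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        print port, proc
    }'
}

# Filter the listeners down to ports missing from ALLOWED.
unexpected() {
    listeners | while read -r port proc; do
        case " $ALLOWED " in
            *" $port "*) ;;
            *) echo "$port $proc" ;;
        esac
    done
}

# Run against the constructed sample by default, or the live socket table with --live.
if [ "${1:-}" = "--live" ]; then
    ss -Hltnp | unexpected
else
    printf '%s\n' "$SAMPLE" | unexpected
fi
```

On the sample the only line reported is `6667 ircd`: the IRC daemon CGarson warned about. MySQL is not reported because it is bound to 127.0.0.1, which is the right way to run it when only local sites use it. Run the script as root with `--live` after each change; when the output is empty, every network-reachable listener is one you chose to keep.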
 

bhcomjared

Member
Sep 7, 2007
CSF Firewall

You can open/close your ports via the iptables rules (if you're running that). I've been working with CSF Firewall. What a wonderful program. It builds into cPanel, and you can change ALL your settings via WHM, including opening specific ports for TCP in and out, and UDP. You can also set up the maximum allowed failures per protocol. You can really lock down security issues with it, plus you can do a security check to see how well you've got everything locked up.

http://www.configserver.com/cp/csf.html

I'm quite happy with our change over.:D
 

Kent Brockman

Well-Known Member
PartnerNOC
Jan 20, 2008
Answers provided more than 9-12 months ago are likely to be inaccurate for modern builds of cPanel.
I agree. But, in that case, can you post an updated list of ports to leave open via firewall?

I know about these lists used in CSF firewall:

TCP_IN = "20,21,22,25,53,80,110,143,443,465,953,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:35000"

TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703,30000:35000"

UDP_IN = "20,21,53,953,30000:35000"

UDP_OUT = "20,21,53,113,123,873,953,6277,30000:35000"

If you changed the SSH port to other than 21, replace 21 in TCP with your real port. Don't leave it open if you aren't using it.

If you run a monolithic kernel (a VPS), ports 30000:35000 must be enabled in pure-ftpd in order to enable PASV mode. (Although, doing so, when firewall is running I can upload files but cannot download files that have been uploaded prior to this settings, even if they have the same chmod attributes! :eek:)

Is this list complete? Maybe some ports are missing?
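The CSF lists above are allowlists; what they become on the box is a set of iptables rules. The following is an added example, not CSF's own code and not from the thread: a POSIX shell script that expands TCP_IN/UDP_IN strings in that format into iptables commands and prints them instead of running them, so the effect of an entry such as 30000:35000 (the pure-ftpd PASV range Kent mentions) can be read before it is applied. The two lists are copied from the post above; the chain layout (loopback and established traffic first, the DROP policy last) is an assumption about how one would apply such a list by hand, and the malformed-entry check is this example's own addition.

```shell
#!/bin/sh
# Added example (not CSF's own code): expand CSF-style TCP_IN/UDP_IN lists into
# iptables commands and print them, so you can read exactly what the allowlist
# opens before applying it. Port ranges like 30000:35000 pass straight through,
# since --dport accepts "low:high".

TCP_IN="20,21,22,25,53,80,110,143,443,465,953,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:35000"
UDP_IN="20,21,53,953,30000:35000"

# Print one ACCEPT rule per comma-separated entry. Entries that are not a
# number or a number:number range are reported on stderr and skipped rather
# than handed to iptables as a malformed rule.
rules_for() {   # $1 = tcp|udp, $2 = comma-separated port list
    proto=$1
    printf '%s\n' "$2" | tr ',' '\n' | while IFS= read -r p; do
        case $p in
            '') continue ;;
            *[!0-9:]*|*:*:*|:*|*:) echo "skip: bad entry '$p'" >&2; continue ;;
        esac
        echo "iptables -A INPUT -p $proto --dport $p -j ACCEPT"
    done
}

# Full INPUT chain: loopback and established traffic first, then the allowlist,
# and the DROP policy last so the SSH session used to apply this is not cut off
# before its own ACCEPT rule exists.
ruleset() {
    echo "iptables -F INPUT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    rules_for tcp "$TCP_IN"
    rules_for udp "$UDP_IN"
    echo "iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT"
    echo "iptables -P INPUT DROP"
}

ruleset
```

Pipe the output through `sh` only after reading it; if you changed the SSH port, make sure the new port appears in TCP_IN before the final `iptables -P INPUT DROP` line, or the session applying the rules is the first thing that gets dropped.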
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
Originally posted by Kent Brockman:

Is this list complete? Maybe some ports are missing?
Up to date information for the ports needed for a cPanel/WHM server can be found at:

http://blog.cpanel.net/?p=55