
FIREWALL setup to stop Port Scanning

Discussion in 'Plesk for Linux - 8.x and Older' started by ullone, Oct 27, 2006.

  1. ullone (Guest)

    Yes. I need to set up a FIREWALL using your Plesk panel because I need to stop a port scanning problem.

    I have, in fact, received an email from my hosting provider's (server4you) support, abuse@server4you.net, that tells me:
    " Dear Administrator, We received a complaint about networkscan from IP Please see the attached set of logs from the security software. It might be that your host has been taken over by intruders. Please disconnect IMMEDIATELY this host and investigate its security status. Otherwise please identify your customer operating from the above address at the time mentioned, and terminate immediately his hacking activities. Please prevent him from continuing these kind of activities in the future as well. This incident has been assigned the following number: DK*CERT#261880 "

    The problem is that I HAVE NO IDEA what port scanning is or what system hackers use to SCAN a port. AND I HAVE NO IDEA what setting will BLOCK THE INTRUDER from entering the server and using it for external port scanning attacks. I am thinking of blocking (using "DENY") in Plesk the Firewall entries that I don't think I use or that are "STRANGE" to me (by the stupid logic that if they are strange I don't need to use them, a stupid logic ...).
    And also of limiting FTP access to IPs similar to my IP (080.*.*.* or 082.*.*.*).
    What is the way to stop the hacker from entering the server and using it as a port scanner?
    Is restricting the FTP permission sufficient? I am thinking of allowing FTP only from Italian IPs like mine, 080.*.*.* or 081.*.*.* or 082.*.*.*, but I'm not an expert at all ...
    In the Plesk menu I have found the Firewall module, but I have no idea how to configure it to avoid port scanning in the future.
    I have, on my 2 servers, many different domains that will start as soon as possible (December, I think). The 200 sites are in "coming soon", but the structure is very similar.
    I only have sites like these: http://www.meta99.com/ , http://www.pets-99.com/ , http://asian-99.com/ .
    All sites use PHP or HTML (or Perl in some cases). They use a MySQL database, and they read external feeds or use the feeds of external search engines like Google or Yahoo. I have different meta searches on my sites.
    They also use a Usenet gateway (I need to open port 119) and they also use Mailman (each user can create a mailing list if he wants).
    The structure of my sites is very similar. They use simple PHP and Perl scripts plus Mailman and a Usenet gateway (port 119).
    The problem is that I have no idea how to configure the Firewall to stop the port scanning. In the Firewall module of Plesk I have "ALL ALLOWED" at the moment, and I need to restrict the permissions to avoid the port scanning.
    I have found many different entries that I don't understand. I don't know what these are:
    Samba (file sharing in Windows networks)
    Domain name server
    Ping service
    Plesk VPN DENY
    Tomcat administrative interface

    I use an external provider to host the domains that I use with server4you. And on this site ( http://nameadmin.com/ ) I have entered the 2 nameservers that I found at server4you ( https://my.server4you.net/nameserver.php ): ns1.nameserverservice.com ns2.nameserverservice.com
    but now what is the Firewall setting for the "Domain name server" entry?
    Do I have to set "DENY incoming from all" because I use the 2 standard nameservers of server4you? Or another setting? What do I have to set in the "Domain name server" entry of the Firewall?
    I am thinking of DENYING to ALL:
    Samba (file sharing in Windows networks)
    Ping service
    Tomcat administrative interface

    What is a Ping service? And the Tomcat administrative interface?

    For the rest I am thinking of ALLOWING all. But I'm not sure that it is a good setting. Can you help me?
    SSH (secure shell) server: Allow incoming from all
    Plesk administrative interface: Allow incoming from all
    WWW server: Allow incoming from all
    SMTP (mail sending) server: Allow incoming from all
    POP3 (mail retrieval) server: Allow incoming from all
    IMAP (mail retrieval) server: Allow incoming from all
    Mail password change service: Allow incoming from all
    MySQL server: Allow incoming from all
    PostgreSQL server: Allow incoming from all

    I only need to use Mailman, nothing else. Is it good to "Allow all" for SMTP, POP3, IMAP? Or can I restrict the access if I simply plan to use Mailman?
    At the moment I plan to host MySQL internally and not to use an external database. If I host MySQL on the server, CAN I DENY the MySQL server for ALL?
    At the moment I don't use external servers for PostgreSQL. Can I DENY it?
    ------------
    FTP server: ONLY FOR ITALIAN IP (080.*.*.*, 081.*.*.*, 082.*.*.* )
    Samba (file sharing in Windows networks): DENY incoming from all
    Domain name server: DENY incoming from all
    Ping service: DENY incoming from all
    Plesk VPN: DENY incoming from all
    Tomcat administrative interface: DENY incoming from all

    FTP server: ONLY FOR ITALIAN IP (080.*.*.*, 081.*.*.*, 082.*.*.* )
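
The allow/deny list from the post above, rendered as iptables-restore input. This is an added example, not part of the original post and not Plesk's own generated rule set. The port numbers and the outbound allow-list are assumptions (common defaults and the services the post names), and the example goes beyond the post by also filtering outbound traffic, since the complaint concerns scans leaving the server.

```shell
#!/bin/sh
# Added example: the post's allow/deny list as iptables-restore input.
# All port numbers are assumed defaults, not values taken from the post.
IN_TCP_ANY="22 8443 80 443 25 110 143 106"  # SSH, Plesk panel, WWW, SMTP, POP3, IMAP, mail password change
FTP_SOURCES="80.0.0.0/8 81.0.0.0/8 82.0.0.0/8"  # the post's 080.*, 081.*, 082.* ranges
OUT_TCP="80 443 25 119 53"  # external feeds, Mailman delivery, Usenet gateway, DNS

build_rules() {
    # Default DROP covers Samba, DNS, ping, Plesk VPN, Tomcat admin and the
    # MySQL/PostgreSQL ports; local database clients still connect over loopback.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    for p in $IN_TCP_ANY; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for src in $FTP_SOURCES; do
        # FTP control channel only; passive data ports need the FTP conntrack helper
        echo "-A INPUT -s $src -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $OUT_TCP; do
        echo "-A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "-A OUTPUT -p udp --dport 53 -j ACCEPT"
    # Anything else leaving the host (for example a scan started by a hijacked
    # script) is logged at a limited rate, then dropped by the OUTPUT policy.
    echo '-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "EGRESS-DENY "'
    echo "COMMIT"
}

# Print the ruleset; validate with: build_rules | iptables-restore --test
build_rules
```

Any other destination the server legitimately contacts has to be added to the outbound list before the rules are loaded. The EGRESS-DENY log lines then show which local process traffic is being refused, which helps locate the source of the reported scan.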