My server is used for a Port Scanning ...

ullone

Guest
Yes. I need to set up a FIREWALL using your Plesk panel because I need to stop a problem of Port Scanning.

I have, in fact, received an email from my hosting provider (server4you) support [email protected] that tells me that:
" Dear Administrator, We received a complaint about networkscan from IP 69.64.50.67. Please see the attached set of logs from the security software. It might be that your host has been taken over by intruders. Please disconnect IMMEDIATELY this host and investigate its security status. Otherwise please identify your customer operating from the above address at the time mentioned, and terminate immediately his hacking activities. Please prevent him from continuing these kind of activities in the future as well. This incident has been assigned the following number: DK*CERT#261880 "

The problem is that I HAVE NO IDEA what port scanning is or what system hackers use to SCAN a port. AND I HAVE NO IDEA what setting to use to BLOCK THE INTRUDER from entering the server and using it for external port scanning attacks. I am thinking of blocking (using "DENY" in Plesk) the voices in the Firewall that I don't think I use or that are "STRANGE" to me (by the stupid logic that if they are strange I don't need to use them, a stupid logic ...).
And also of limiting FTP access to only IPs similar to my IP (080.*.*.* or 082.*.*.*).
WHAT SYSTEM IS USED BY THE HACKER TO ENTER A SERVER AND TO USE IT AS A PORT SCANNER ???
I THINK THAT THEY ENTER VIA FTP, OR NOT? BOHHH.
What is the system to stop the hacker from entering the server and using it as a port scanner?
Is restricting the FTP permission sufficient? I am thinking of allowing FTP only from IPs from Italy, like mine: 080.*.*.* or 081.*.*.* or 082.*.*.*. But I'm not an expert at all. ...
In the Plesk menu I have found the Firewall module, but I have no idea how to configure it to avoid port scanning in the future.
I have, on my 2 servers, many different domains that will start as soon as possible (December, I think). The 200 sites are in "coming soon" but the structure is very similar.
I have only sites like these: http://www.meta99.com/ , http://www.pets-99.com/ , http://asian-99.com/ .
All sites use PHP or HTML (or Perl in some cases). They use a MySQL database, they read external feeds, or they use the feeds of external search engines like Google or Yahoo. I have different meta searches on my sites.
They also use a usenet gateway (I need to open port 119) and they also use mailman (each user can create a mailing list if he wants).
The structure of my sites is very similar. They use simple PHP and Perl scripts plus mailman and a usenet gateway (port 119).
The problem is that I have no idea how to configure the Firewall to stop the port scanning. In the Firewall module of Plesk I have "ALL ALLOWED" at the moment. And I need to restrict the permissions to avoid the port scanning.
I have found many different voices that I don't understand. I don't know what these are:
Samba (file sharing in Windows networks)
Domain name server
Ping service
Plesk VPN DENY
Tomcat administrative interface

I use an external provider to host the domains that I use with server4you. And I have written on this site ( http://nameadmin.com/ ) the 2 nameservers that I found at server4you ( https://my.server4you.net/nameserver.php ): ns1.nameserverservice.com ns2.nameserverservice.com
But now what is the setting in the Firewall for the voice "Domain name server"?
Do I have to write "DENY incoming from all" because I use the 2 standard nameservers of server4you? Or another setting? What do I have to write in the "Domain name server" voice of the Firewall?
I am thinking of DENY to ALL for:
Samba (file sharing in Windows networks)
Ping service
Tomcat administrative interface

What is a Ping service? And the Tomcat administrative interface?

For the rest I am thinking of ALLOW all. But I'm not sure that it is a good setting. Can you help me?
SSH (secure shell) server: Allow incoming from all
Plesk administrative interface: Allow incoming from all
WWW server: Allow incoming from all
SMTP (mail sending) server: Allow incoming from all
POP3 (mail retrieval) server: Allow incoming from all
IMAP (mail retrieval) server: Allow incoming from all
Mail password change service: Allow incoming from all
MySQL server: Allow incoming from all
PostgreSQL server: Allow incoming from all

I only need to use Mailman. Nothing else. Is it good to "Allow all" for SMTP, POP3, IMAP? Or can I restrict the access if I simply plan to use mailman?
At the moment I plan to host MySQL internally and not use an external database. If I host MySQL on the server, CAN I DENY MySQL server for ALL?
At the moment I don't use external servers for PostgreSQL. Can I DENY it?
------------ FTP server ONLY FOR ITALIAN IP (080.*.*.*, 081.*.*.*, 082.*.*.* )
Samba (file sharing in Windows networks): DENY incoming from all
Domain name server: DENY incoming from all
Ping service: DENY incoming from all
Plesk VPN: DENY incoming from all
Tomcat administrative interface: DENY incoming from all

FTP server ONLY FOR ITALIAN IP (080.*.*.*, 081.*.*.*, 082.*.*.* )
 