• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Open and Listening ports issue, unknown ports opened

sitenet

New Pleskian
Server operating system version
ubuntu 20.04
Plesk version and microupdate number
18.0.48
Hi, I don't use FTP. So, if I disable port 20 and 21 will there be any kind of issue?


Also, I saw port 12346 and 953 is open. Should I close it? I just want to run sites. Plesk have some default ports open which is good but I see 12346 and 953 is open too. I don't know what it is used for, so close it?
 
Hello @sitenet, I see from this and your other post you are really worried about server security, which is basically a good thing. However, on a server there are many services that need to communicate with each other, and there are many routes through services and even from and to external resources that must remain open so that all the things your host computer and the software on it must do can be complete successfully.

Port 953 for example may not be widely known, but it is indeed something very useful for the domain name resolution. It should not be blocked when your server is in any way involved with resolving domain names, e.g. if you have a BIND daemon on it (the BIND component for example).

Port 12346 (from your image) is in the ephemeral range. It is very likely used by some service to transmit data. Ephemeral ports should not be closed. There are no services behind such ports, so if an attacker was to drive an attack against such a port, nothing will respond, because no service is listening. But when you close such ports, several internal and internal-to-external transactions will fail, because some services won't be able to communicate data packets any longer.

Please have a look at this useful Wikipedia article, maybe it can help you to spend your evening relaxed with a cup of tea ;-) not worrying so much about the firewall stuff and co. Plesk comes with ready-to-use firewall settings. For most any cases there is no need to do extra configurations.
Plesk also has a list for you with the ports that Plesk software needs:

And again: Relax. Plesk has a slogan: "Build Secure Run", and it's really that simple. The "Secure" is paid a lot attention to. You are good to go with a default setup for most scenarios.
 
Hello @sitenet, I see from this and your other post you are really worried about server security, which is basically a good thing. However, on a server there are many services that need to communicate with each other, and there are many routes through services and even from and to external resources that must remain open so that all the things your host computer and the software on it must do can be complete successfully.

Port 953 for example may not be widely known, but it is indeed something very useful for the domain name resolution. It should not be blocked when your server is in any way involved with resolving domain names, e.g. if you have a BIND daemon on it (the BIND component for example).

Port 12346 (from your image) is in the ephemeral range. It is very likely used by some service to transmit data. Ephemeral ports should not be closed. There are no services behind such ports, so if an attacker was to drive an attack against such a port, nothing will respond, because no service is listening. But when you close such ports, several internal and internal-to-external transactions will fail, because some services won't be able to communicate data packets any longer.

Please have a look at this useful Wikipedia article, maybe it can help you to spend your evening relaxed with a cup of tea ;-) not worrying so much about the firewall stuff and co. Plesk comes with ready-to-use firewall settings. For most any cases there is no need to do extra configurations.
Plesk also has a list for you with the ports that Plesk software needs:

And again: Relax. Plesk has a slogan: "Build Secure Run", and it's really that simple. The "Secure" is paid a lot attention to. You are good to go with a default setup for most scenarios.
Thank you for clearing my confusion. It's clear now. I was just a bit extra worried. @Peter Debik
 
Back
Top