• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Plesk Obsidian Ports

Marcelo Mella

Marcelo Mella

New Pleskian
In the documentation, is posible to find the list of ports to be open in the firewall for Plesk to receive conections. (Inbound Conections)
But what ports should be open for Plesk outbound conections. Closing some outbound ports may mitigate some exploits if a malware happens to infect a site
 
All ports that are open inbound also need to be open outbound. If you are thinking about limiting outbound ports in the ephemeral port range: Don't, it won't work. Your idea is good, but in reality malware is simply creating web server requests or sending mail just as ordinary processes do.
 
Thanks Peter
I'm not sure if i have a malware or something, but i received a notification with this log:

* Log Extract:
<<<
2021-11-09 06:30:50 +0000

{
"PORT HIT": "52.42.105.162:41624->31.#.#.153:60412",
"MESSAGES": "Array
(
[06:30:48+0] => Unable to parse invalid request-line
[06:30:48+1] => Accept: text/html,application/xhtml+xml,application/xml
[06:30:48+2] => Accept-Language: es,es-CL,en-US,en;q=0.8
[06:30:48+3] =>
)
"
}
>>>
Click to expand...
Any ideas in how i can analyze and make corrective actions?
 
That's not enough data to make a plan. Where does this notification originate and what does it claim what's wrong?
 
I've Plesk installed in a EC2 instance on AWS. And thats all the info they sent me. I asked for more as soon as i received that e-mail, and waiting for they reply
 
hello @Marcelo Mella ,
as I understand somebody from 52.42.105.162:41624 tries to connect to your server at 31.#.#.153 to port 60412
is that correct ?

anyway, Plesk does not use port 41624 or 60412 as destination for connect.
docs.plesk.com

Ports Used by Plesk

On servers protected by a firewall, the following ports must not be blocked to ensure proper operation of Plesk and a...
docs.plesk.com docs.plesk.com
(but I guess You found it)

Plesk should be allowed to connect to ka.plesk.com for operations regarding your licenses.

all other connections not strictly required for Plesk itself.

to send outgoing mail you need to allow tcp ports 25, 465, 587

also there may be connections to firehose.us-west-2.amazonaws.com (this is for anonymized statistic collection for product improvement)
you can read more about this here


but in general I agree with Peter, that there's not enough info for analysis.
 
No, my Plesk installation is on 52.#.#.162
It is connecting from port 41624 to 31.#.#.153 to port 60412

I replied to AWS, saying i have update Plesk and run Imunify360 and Sucuri Scanner and they seem to be ok with that, as corrective actions
So i'm completely lost here
 
There is not necessarily anything wrong with such connections. For example a website might look for an update of its software on an external server or it might try to import data from somewhere. It is possible that a website is abused for attacking another server, but the traffic is difficult to sort out from regular transactions. As long as noone else complains, high loads or traffic can be seen or software like Imunify360 finds malware, you'll probably be o.k.
 
You must log in or register to reply here.

Similar threads

S
Question NTP port
Replies
0
Views
526
stevenm
S
Y
Resolved Mail doesn't work - Help needed
Replies
6
Views
1K
ybico
Y
B
Issue You cannot send emails from Plesk because outbound connections on TCP port 25 is blocked.
Replies
10
Views
2K
jlocana
jlocana
K
Question Open ports on my domain plesk firewall
Replies
5
Views
1K
Kaspar
K
Lrnt
Resolved Plesk upgrade / Unable to connect to some Plesk ports
Replies
8
Views
367
Kaspar
K
Back
Top