  1. #1

    Server Disabled Due to Port Scanning

    My server was disabled by an ISP because, according to them, my IP carried out scans of other internet servers. I have a firewall set up using the virtual server default in Webmin.

    What else do I need to harden? What processes could be doing the scanning that I can terminate?

    This is what my iptables looked like right before it was banned:

    Code:
    # Generated by iptables-save v1.3.5 on Sun Apr 10 14:37:17 2011
    *filter
    :FORWARD ACCEPT [0:0]
    :INPUT DROP [0:0]
    :OUTPUT ACCEPT [0:0]
    # Accept traffic from internal interfaces
    -A INPUT ! -i eth1 -j ACCEPT
    # Accept traffic with the ACK flag set
    -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
    # Allow incoming data that is part of a connection we established
    -A INPUT -m state --state ESTABLISHED -j ACCEPT
    # Allow data that is related to existing connections
    -A INPUT -m state --state RELATED -j ACCEPT
    # Accept responses to DNS queries
    -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
    # Accept responses to our pings
    -A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
    # Accept notifications of unreachable hosts
    -A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT
    # Accept notifications to reduce sending speed
    -A INPUT -p icmp -m icmp --icmp-type source-quench -j ACCEPT
    # Accept notifications of lost packets
    -A INPUT -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT
    # Accept notifications of protocol problems
    -A INPUT -p icmp -m icmp --icmp-type parameter-problem -j ACCEPT
    # Allow connections to our SSH server
    -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    # Allow connections to our IDENT server
    -A INPUT -p tcp -m tcp --dport auth -j ACCEPT
    # Respond to pings
    -A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT
    # Allow DNS zone transfers
    -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
    # Allow DNS queries
    -A INPUT -p udp -m udp --dport 53 -j ACCEPT
    # Allow connections to webserver
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    # Allow SSL connections to webserver
    -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    # Allow connections to mail server
    -A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 25,587
    # Allow connections to FTP server
    -A INPUT -p tcp -m tcp --dport 20:21 -j ACCEPT
    # Allow connections to POP3 server
    -A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 110,995
    # Allow connections to IMAP server
    -A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 143,220,993
    # Allow connections to Webmin
    -A INPUT -p tcp -m tcp --dport 10000:10010 -j ACCEPT
    # Allow connections to Usermin
    -A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT
    COMMIT
    # Completed on Sun Apr 10 14:37:17 2011
    # Generated by iptables-save v1.3.5 on Sun Apr 10 14:37:17 2011
    *mangle
    :PREROUTING ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    COMMIT
    # Completed on Sun Apr 10 14:37:17 2011
    # Generated by iptables-save v1.3.5 on Sun Apr 10 14:37:17 2011

  2. #2


    Hello,

    I think your server may be infected. I would suggest you ask your hosting provider to investigate it, as it may not be your fault, and ask them to scan the server with ClamAV antivirus.

    http://www.clamav.net/lang/en/
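An added example, not part of either post: a small audit of `iptables-save` output like the dump in #1. It reports built-in filter chains whose policy is ACCEPT with no rules (so nothing restricts or logs what the server sends out) and INPUT rules that accept on TCP flags without a connection-state match. The function names and the shortened sample are assumptions made for this example.

```python
import shlex

# Constructed excerpt of the filter table posted in #1 (same policies, a few of
# the same rules); in practice pass the full output of `iptables-save`.
SAMPLE = """\
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT ! -i eth1 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000:10010 -j ACCEPT
COMMIT
"""

def parse(text):
    """Return {table: {chain: {"policy": str, "rules": [token lists]}}}."""
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):                      # table header, e.g. *filter
            table = tables.setdefault(line[1:], {})
        elif line.startswith(":") and table is not None:   # chain policy line
            chain, policy = line[1:].split()[:2]
            table[chain] = {"policy": policy, "rules": []}
        elif line.startswith("-A ") and table is not None:  # appended rule
            tok = shlex.split(line)
            table.setdefault(tok[1], {"policy": "-", "rules": []})["rules"].append(tok)
    return tables                                     # comments and COMMIT are skipped

def audit(text):
    """List filter-table properties worth tightening on a host reported for scanning."""
    findings, flt = [], parse(text).get("filter", {})
    for chain in ("OUTPUT", "FORWARD"):
        c = flt.get(chain)
        if c and c["policy"] == "ACCEPT" and not c["rules"]:
            findings.append(f"{chain}: policy ACCEPT and no rules, nothing filters or logs this traffic")
    for tok in flt.get("INPUT", {}).get("rules", []):
        stateless = not ({"--state", "--ctstate"} & set(tok))
        if "--tcp-flags" in tok and "ACCEPT" in tok and stateless:
            findings.append("INPUT: accepts on TCP flags alone: " + " ".join(tok))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```
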
