
Locking down ports

Discussion in 'Server Security' started by MustangV10, Nov 11, 2011.

  1. MustangV10

    MustangV10 Guest

    The default ports allowed by CSF are:

    Just curious, what other ports (if any) do you think are important to lock down and why?
  2. gcawood

    gcawood Guest

    Best practices would say that you should only open the ports on a server that are being used by an application. Doing anything else is bad news. Also, best practices say that you should not run a server that is doing tons of different services, i.e., run separate servers for mail, DNS, web, FTP, etc. However, as so many people run multi-use web servers like cPanel that have gobs of ports open by default, I recommend the following port configuration.

    # PORT 21 FTP
    # PORT 22 SSH
    # PORT 25 SMTP
    # PORT 54 DNS
    # PORT 80 httpd
    # PORT 110 POP3
    # PORT 143 IMAP
    # PORT 443 SSL
    # PORT 2082 cPanel
    # PORT 2083 cPanel
    # PORT 2086 WHM
    # PORT 2087 WHM

    This was from memory, so I may have missed some.
  3. MustangV10

    MustangV10 Guest

    Yeah, someone else suggested what you said about only opening ports you need. I thought that could cause problems though, since I might close ports that people need. I'll look further into this though, thanks.
  4. mrnothersan

    mrnothersan Guest

    I would only open ports I need if it's a personal website, but for larger websites it would probably cause problems in the future.
  5. DaReaper

    DaReaper Guest

    The ports you have to allow and block depend on the kind of web hosting/applications you are running on your web server.

    Here's an example of the list of ports I would normally allow:

    1) The SSH port - Default is 22, but if you've changed it to something else in sshd config, you should allow that so that you can connect to your SSH.

    2) Domain, FTP and DNS and HTTPS ports: 80, 21, 53, 443 - these in order. These are to be allowed as a must unless you're not using any of the following ports.

    3) Mails - POP3, IMAP4, SMTP: 110, 143, 25 (POP3 with SSL uses ports 993/995) - these in order. If you're using them, make sure to allow them open, or else you wouldn't require them.

    4) Gaming ports and VoIP apps or other applications' ports: Usually gaming ports vary and they have their own defaults; same for VoIP messenger servers like Mumble's server, Murmur, which has a default port of 64738, and it varies per application.

    5) Control panels - For cPanel and WHM (assuming that you manage the VPS and have WHM running), ports are 2082, 2083, 2086, 2087 (SSL ports - 2083 and 2087).

    - For Kloxo Panel it is 7777 and 7778 (SSL - 7777): ports on Kloxo are configurable and changeable.
    6) If you want to allow any specific port ranges you can use Portnumber1:portnumber100 (like you have in your list, 30000:35000). It is best to not allow such a huge port range open.

    So if you're not using any particular application, you can have those port numbers removed from CSF's allow Default ports list.
    1 person likes this.
  6. diegosuse

    diegosuse Guest

    Always deny ALL ports and open just the needed ones. Hope this helps.
  7. scotty

    scotty Guest

    For a server, I always say all IRC ports should be locked down, as they are the most common botnet ports. But as a general rule, anything you are not using should be closed down.
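
The advice repeated through the thread (allow only ports that something is actually using, and avoid wide ranges such as 30000:35000) can be checked mechanically. The following is an added example, not code from any poster or from CSF itself: it assumes the allow list is the `TCP_IN` line of `csf.conf` and compares it with `ss -tlnH` output. Both inputs are constructed samples, and `MAX_RANGE` is an arbitrary threshold chosen for illustration.

```python
import re

# Constructed sample inputs (not from the thread): a csf.conf fragment
# and the output of `ss -tlnH` on the same host.
CSF_CONF = '''
# Allow incoming TCP ports
TCP_IN = "21,22,25,53,80,110,143,443,2082,2083,2086,2087,30000:35000"
TCP_OUT = "20,21,22,25,53,80,443"
'''
SS_OUTPUT = '''\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
'''
MAX_RANGE = 100  # assumption: ranges wider than this get a manual review

def parse_allow_list(conf_text, key="TCP_IN"):
    """Return (single_ports, ranges) from a KEY = "a,b,lo:hi" line."""
    m = re.search(rf'^\s*{re.escape(key)}\s*=\s*"([^"]*)"', conf_text, re.M)
    if not m:
        raise ValueError(f"{key} not found")
    ports, ranges = set(), []
    for item in filter(None, (s.strip() for s in m.group(1).split(","))):
        if ":" in item:  # range syntax lo:hi, as in 30000:35000
            lo, hi = (int(x) for x in item.split(":", 1))
            ranges.append((lo, hi))
        else:
            ports.add(int(item))
    return ports, ranges

def listening_ports(ss_text):
    """Map port -> True if some listener is bound to a non-loopback address."""
    result = {}
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        external = not (addr.startswith("127.") or addr == "[::1]")
        result[int(port)] = result.get(int(port), False) or external
    return result

def audit(conf_text, ss_text):
    """Report allowed ports nothing external listens on, and oversized ranges."""
    ports, ranges = parse_allow_list(conf_text)
    listen = listening_ports(ss_text)
    unused = sorted(p for p in ports if not listen.get(p))
    wide = [r for r in ranges if r[1] - r[0] + 1 > MAX_RANGE]
    return {"allowed_without_external_listener": unused, "wide_ranges": wide}
```

Ports reported as allowed without an external listener are candidates for removal from the allow list; a service bound only to loopback (port 25 in the sample) does not need an inbound firewall rule.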
