There are chances you got some abuse cases that your server is being used to scan other servers. Usually it happened when you use your server for shared hosting purposes. Due to lack of security measures, you users or a hacker after obtaining access of any account in your server may be in activity of scanning other’s servers on specific ports. You can restrict your server’s users to access other servers by restricting IPs along with specific ports.
If you have not already installed CSF (Firewall), install it first by following steps here: https://download.configserver.com/csf/install.txt
After opening interface of ConfigServer Security & Firewall , click on button “Firewall Deny IPs” or edit file “/etc/csf/csf.deny“
Insert below lines and SAVE.
tcp|out|d=443|d=0.0.0.0/24 “do not delete”
udp|out|d=443|d=0.0.0.0/24 “do not delete”
tcp|out|d=80|d=0.0.0.0/24 “do not delete”
udp|out|d=80|d=0.0.0.0/24 “do not delete”
TCP / UDP is the protocol, Next is the port you want to block then the IP address or full range then “do not delete” will assure that these lines will always remain in the file till the time you will delete them manually, If you will not insert it, these lines will remove once limit of records will reach.
To test if IP access is blocked, run below command in shellnc -vz 8.8.8.8 443
Leave a Reply