CSF blocks my IP trying to access Webmin

Question

I'm in no way a sysadmin, so bear with me a little.

I have a cloud server running Centos 5. I have Virtualmin/Webmin with a handful of sites running without issue. I also have CSF installed to stop persistent bot attacks.

I can access all my sites HTTP and HTTPS (without SSL) and they work fine.

When I attempt to access my Webmin's web interface

https://myhost.co.uk:10000

My browser hangs, eventually times out. I can no longer access any of my sites due to CSF adding my IP to the temp disallow list, here's the log entry:

*Port Scan* detected from 213.86.xxx.xxx (GB/United Kingdom/-). 16 hits in the last 187 seconds - *Blocked in csf* for 3600 secs

Once I unblock my IP and add it to the temp allow list, I can access the web UI login page.

Any ideas why the initial request is being disallowed?

No - I just added them in and it seems to have fixed the issue. Feel free to answer this question and I'll accept it. — Dan J, Jan 10 '13 at 12:03

score 3 · Accepted Answer · answered Jan 10 '13 at 16:38

3

CSF will consider any hits to ports not whitelisted in csf.cfg's TCP_IN setting to be a port scanning attempt.

Since 10000 is a legitimate port for you, add it to the list in TCP_IN and TCP_OUT and you'll be good to go.

answered Jan 10 '13 at 16:38

ceejayoz

32,469
7
81
105

If you do this, then anyone can access the Webmin login. We use approved IP addresses and using GLOBAL_DYNDNS in CSF, so we cannot allow port 10000, so in this case for us, this solution is not a solution. Its best to identify the reason for port scanning. We have many port scanning to one server, not our others, very strange. – Laurence Cope Feb 02 '14 at 12:22

CSF blocks my IP trying to access Webmin

1 Answers1