
The following message is what my hosting sent me.

How to avoid it?

Should I turn off some ports?

I have a piece of software; once I open it, it creates such a netscan. But I have to use it. Any solution?

If you have any input, please help.

netscan

stackmike
  • 1
    What's the software, and why does it do a port scan? If there's a legitimate reason, explain it to your host. – ceejayoz Apr 15 '22 at 15:12
  • 2
    Does this answer your question? [How can i find what generates a NetScan Abuse and how to prevent it?](https://serverfault.com/questions/1034078/how-can-i-find-what-generates-a-netscan-abuse-and-how-to-prevent-it) – ceejayoz Apr 15 '22 at 15:13
  • Hetzner scans their own subnets for open proxies. That's normal; you did not have to hide the URL from Hetzner. – djdomi Apr 15 '22 at 17:15
  • Port 1080 is the default port for SOCKS. Does your software have any configuration options for using a SOCKS proxy? – Tilman Schmidt Apr 15 '22 at 18:19
  • I would also question the wellfoundedness of your hoster's notification. The log shows a total of two (2) connection attempts, both to the same destination port and with different but related destination addresses. That can hardly be considered a netscan. Note that the first four lines are just retries of the same connection, as witnessed by the constant source port. – Tilman Schmidt Apr 15 '22 at 18:25
  • @TilmanSchmidt You are correct! Our software uses proxies, and the proxies have this format: 207.229.xx.xx:1031. Our proxies are US IPs. But the hosting is saying that we are abusing a number of other IPs, which I checked are African IPs. – stackmike Apr 16 '22 at 03:29
  • @ceejayoz I am not sure why the software is doing a port scan. I asked the software developer, and he denied that his software will scan ports. Since my friend, who also uses the software with the same hosting (on his own VPS), is not having this issue, I accept his comment. I guess it's my own configuration issue, or there is a Trojan in my VPS. – stackmike Apr 16 '22 at 03:31
  • @ceejayoz Thanks for the link you referred me to. That person's problem and confusion are exactly the same as mine. One of the IT geniuses suggested that the OP do this: `iptables -I OUTPUT -o enp4s0 -d 172.16.0.0/12 -j REJECT`. For my case, my VPS is scanning 160.116.xx.xx 1080 and 163.198.xx.xx 1080. Do I run the iptables command in CMD of my VPS? As I notice all ports are 1080, how do I block port 1080? – stackmike Apr 16 '22 at 03:39
  • @TilmanSchmidt I just checked the dashboard of my proxy providers. They are HTTP proxies; they are not SOCKS proxies. Could I assume it is not caused by the use of proxies in the software? – stackmike Apr 16 '22 at 03:45
  • Is it possible to reject all TCP traffic? – stackmike Apr 16 '22 at 04:09
  • Difficult to say without knowing anything about the software and operating system you're using in your VPS. – Tilman Schmidt Apr 16 '22 at 14:12
  • @TilmanSchmidt Thanks for the reply. I have blocked port 1080, plus for ports 80 and 443, I am blocking public access. The software is running again (on Windows 10). My hosting is not contacting me so far. I hope it is not because they are on Easter holiday. – stackmike Apr 18 '22 at 04:05
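
One way to act on the points raised in the comments on a Windows 10 VPS, as an added example that is not part of the original thread: record which process owns outbound connection attempts to TCP port 1080, then block and log that traffic with Windows Firewall. The watch window, the rule name and the choice of port 1080 (taken from the comments) are assumptions; run it from an elevated PowerShell prompt.

```powershell
# Added example: run from an elevated PowerShell prompt on the Windows VPS.
$Port     = 1080   # destination port named in the comments above
$Duration = 300    # assumed watch window in seconds; start the software during it
$seen     = @{}

# 1. Record which process owns each outbound attempt to the port.
$deadline = (Get-Date).AddSeconds($Duration)
while ((Get-Date) -lt $deadline) {
    # Include every state: attempts to unreachable hosts sit in SynSent while
    # Windows retries them and never reach Established.
    $conns = Get-NetTCPConnection -RemotePort $Port -ErrorAction SilentlyContinue
    foreach ($c in $conns) {
        $key = '{0}|{1}' -f $c.OwningProcess, $c.RemoteAddress
        if ($seen.ContainsKey($key)) { continue }
        # The process may already have exited; its fields are then left empty.
        $p = Get-CimInstance Win32_Process -Filter "ProcessId = $($c.OwningProcess)"
        $seen[$key] = [pscustomobject]@{
            FirstSeen     = Get-Date
            ProcessId     = $c.OwningProcess
            Name          = $p.Name
            Path          = $p.ExecutablePath
            CommandLine   = $p.CommandLine
            RemoteAddress = $c.RemoteAddress
            State         = $c.State
        }
    }
    Start-Sleep -Milliseconds 500
}
$seen.Values | Sort-Object FirstSeen | Format-List

# 2. Block outbound TCP to that port for every program (rule name is arbitrary).
New-NetFirewallRule -DisplayName 'Block outbound TCP 1080' `
    -Direction Outbound -Protocol TCP -RemotePort $Port -Action Block

# 3. Log dropped packets so later attempts are visible in the firewall log.
Set-NetFirewallProfile -All -LogBlocked True
```

An empty list after the watch window means nothing on the machine tried that port while the script ran. Dropped packets are written to the firewall log, by default `%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log`.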

0 Answers