Status
Not open for further replies.

AlanH

Oakley Enthusiast
268
203
So my net security suite keeps blocking the forum as of late because of its detection of a port scan by the site, coming from the IP 158.106.190.207.

Anyone else have this happen?
 


OakleyBoss

Moderator
Staff member
Administrator
3,318
703
USA
I mean the IP you listed is the site, no reason for it to be blocked though, it's our server and no one else's. Does it provide any reason for blocking the IP? Have never heard of this before.
 

AlanH

Oakley Enthusiast
268
203
I am thinking it's a false positive detection because it just started. My Symantec endpoint security software pops up periodically saying port scan detected from the IP, blocking for 600s. It did not previously do that.
 

OakleyBoss

Moderator
Staff member
Administrator
3,318
703
USA
I am thinking it's a false positive detection because it just started. My Symantec endpoint security software pops up periodically saying port scan detected from the IP, blocking for 600s. It did not previously do that.
Interesting, did a quick search and it said Symantec looks at whether multiple ports receive data in a short amount of time. I'm wondering if the data from the site is just downloading in parallel and hence the trigger. I can assure you the site is not scanning anyone's computers, nor do we have any desire to. Will look into this further and see what I can find out.
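
An added illustration of the false-positive theory in the post above (not part of the thread, and not Symantec's actual detection logic): a simplified detector that counts distinct local ports receiving packets from one address, run with and without tracking which connections the client itself opened. The window, threshold, addresses and packet tuples are assumptions constructed for the example.

```python
from collections import defaultdict

WINDOW_S = 2.0    # assumed look-back window, in seconds
THRESHOLD = 5     # assumed number of distinct local ports that raises an alert
SITE, SCANNER = "198.51.100.7", "203.0.113.9"   # constructed documentation addresses


def flagged_ips(packets, stateful):
    """Return remote IPs whose inbound packets reach at least THRESHOLD distinct
    local ports within WINDOW_S. With stateful=True, replies on connections the
    client opened are not counted."""
    initiated = set()            # (remote_ip, remote_port, local_port) opened by this host
    recent = defaultdict(list)   # remote_ip -> [(time, local_port)] inside the window
    flagged = set()
    for t, ip, rport, lport, direction in sorted(packets):
        flow = (ip, rport, lport)
        if direction == "out":
            initiated.add(flow)
            continue
        if stateful and flow in initiated:
            continue             # reply traffic on a client-initiated connection
        hits = [(ts, p) for ts, p in recent[ip] if t - ts <= WINDOW_S]
        hits.append((t, lport))
        recent[ip] = hits
        if len({p for _, p in hits}) >= THRESHOLD:
            flagged.add(ip)
    return flagged


def sample_packets():
    """Constructed traffic: (time_s, remote_ip, remote_port, local_port, direction)."""
    pkts = []
    # A browser opens 6 parallel HTTPS connections; each reply lands on a
    # different local ephemeral port within a fraction of a second.
    for i in range(6):
        lport = 50000 + i
        pkts.append((0.00 + i * 0.01, SITE, 443, lport, "out"))
        pkts.append((0.10 + i * 0.01, SITE, 443, lport, "in"))
    # Unsolicited packets to 6 local ports, with no outbound packet first.
    for i, lport in enumerate((21, 22, 23, 25, 80, 443)):
        pkts.append((10.0 + i * 0.01, SCANNER, 40000 + i, lport, "in"))
    return pkts


if __name__ == "__main__":
    print("port count only:", sorted(flagged_ips(sample_packets(), stateful=False)))
    print("connection-aware:", sorted(flagged_ips(sample_packets(), stateful=True)))
```

Counting ports alone flags both addresses; the connection-aware run flags only the address that sent unsolicited packets.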
 

AlanH

Oakley Enthusiast
268
203
I was thinking it could be triggered by an attachment hosted from a third party site. But yes, I was doubtful it was anything with the site directly and more a signature issue or heuristic tuning problem.
 

AlanH

Oakley Enthusiast
268
203
This is what I do for a living, I just have not done too much digging with my tools at the moment.
 

the_owl

the harder I work, the luckier I am.
5,439
1,173
U.S.
I assume this is just a LAMP server and it isn't on shared hosting. Not sure how this box can scan visitors unless it's compromised.
I would bet it's the new auto refresh feature.
 
