• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Open and Listening ports issue, unknown ports opened

S

sitenet

New Pleskian
Server operating system version
ubuntu 20.04
Plesk version and microupdate number
18.0.48
Hi, I don't use FTP. So, if I disable port 20 and 21 will there be any kind of issue?

https://imgur.com/7vl5MiB

Also, I saw port 12346 and 953 is open. Should I close it? I just want to run sites. Plesk have some default ports open which is good but I see 12346 and 953 is open too. I don't know what it is used for, so close it?
 
Hello @sitenet, I see from this and your other post you are really worried about server security, which is basically a good thing. However, on a server there are many services that need to communicate with each other, and there are many routes through services and even from and to external resources that must remain open so that all the things your host computer and the software on it must do can be complete successfully.

Port 953 for example may not be widely known, but it is indeed something very useful for the domain name resolution. It should not be blocked when your server is in any way involved with resolving domain names, e.g. if you have a BIND daemon on it (the BIND component for example).

Port 12346 (from your image) is in the ephemeral range. It is very likely used by some service to transmit data. Ephemeral ports should not be closed. There are no services behind such ports, so if an attacker was to drive an attack against such a port, nothing will respond, because no service is listening. But when you close such ports, several internal and internal-to-external transactions will fail, because some services won't be able to communicate data packets any longer.

Please have a look at this useful Wikipedia article, maybe it can help you to spend your evening relaxed with a cup of tea ;-) not worrying so much about the firewall stuff and co. Plesk comes with ready-to-use firewall settings. For most any cases there is no need to do extra configurations.

List of TCP and UDP port numbers - Wikipedia

en.wikipedia.org en.wikipedia.org
Plesk also has a list for you with the ports that Plesk software needs:
docs.plesk.com

Ports Used by Plesk

For Plesk and its services to work correctly, certain ports must not be blocked.
docs.plesk.com docs.plesk.com

And again: Relax. Plesk has a slogan: "Build Secure Run", and it's really that simple. The "Secure" is paid a lot attention to. You are good to go with a default setup for most scenarios.
 
Peter Debik said:
Hello @sitenet, I see from this and your other post you are really worried about server security, which is basically a good thing. However, on a server there are many services that need to communicate with each other, and there are many routes through services and even from and to external resources that must remain open so that all the things your host computer and the software on it must do can be complete successfully.

Port 953 for example may not be widely known, but it is indeed something very useful for the domain name resolution. It should not be blocked when your server is in any way involved with resolving domain names, e.g. if you have a BIND daemon on it (the BIND component for example).

Port 12346 (from your image) is in the ephemeral range. It is very likely used by some service to transmit data. Ephemeral ports should not be closed. There are no services behind such ports, so if an attacker was to drive an attack against such a port, nothing will respond, because no service is listening. But when you close such ports, several internal and internal-to-external transactions will fail, because some services won't be able to communicate data packets any longer.

Please have a look at this useful Wikipedia article, maybe it can help you to spend your evening relaxed with a cup of tea ;-) not worrying so much about the firewall stuff and co. Plesk comes with ready-to-use firewall settings. For most any cases there is no need to do extra configurations.

List of TCP and UDP port numbers - Wikipedia

en.wikipedia.org en.wikipedia.org
Plesk also has a list for you with the ports that Plesk software needs:
docs.plesk.com

Ports Used by Plesk

For Plesk and its services to work correctly, certain ports must not be blocked.
docs.plesk.com docs.plesk.com

And again: Relax. Plesk has a slogan: "Build Secure Run", and it's really that simple. The "Secure" is paid a lot attention to. You are good to go with a default setup for most scenarios.
Click to expand...
Thank you for clearing my confusion. It's clear now. I was just a bit extra worried. @Peter Debik
 
You must log in or register to reply here.

Similar threads

M
Question How to List all current Open Ports on Plesk Obsidian
Replies
9
Views
553
MHC_1
M
M
Issue Node+Phusion port conflicts
Replies
3
Views
351
alvarezcruz
alvarezcruz
R
Question Disable FTP on single ip address
Replies
3
Views
323
Kaspar
K
D
Question Service Unavailable port 8443 Plesk Not Working
Replies
1
Views
7K
Kaspar@Plesk
Kaspar@Plesk
K
Resolved Monitoring Plesk port via uptimerobot.com makes trouble since (ca.) version 18.0.65
Replies
13
Views
1K
King555
K
Back
Top