What does this mean relative to the situation on my site and it's security? Has it been compromised in some way? Of course, I know what a port scan is but I don't know what this means for my forum or site. I thought it was better to come to you guys first, and my hosting provider second.
Elwave O.O
If that user has a firewall, it should block port scanning so I guess that's technically not possible - plus the modem would block that too I guess.
But your website might have tried to do it though. A bad PHP script can do that I guess by connecting to that user's IP and doing an fsockopen() inside a for loop for example, but the modem would ask for username and password to access it, if well setup of course.
I'd be asking the user for some evidence that your site has done a port scan. I can honestly say that not one aspect of the default MyBB code runs a repeating loop with the php open socket function. Maybe a plugin you installed has some bad code but I doubt a plugin would need to do that unless it was malicious in any way.
Yeah that's why I was concerned. I don't believe I have any suspicious plugins, just simple things like buddy lists on profiles, shoutbox, wall posts, all that kind of stuff, and all from the MyBB site as I recall.
How odd. Yes I should chat to the user themselves I think
Also, make note: A poorly setup firewall can sometimes report it is being port scanned when a program opens 2 consecutive ports. I haven't seen this in a couple years, but it has happened in the past.
Two consecutive ports? You mean the standard way FTP works?
(2010-08-19, 05:03 PM)laie_techie Wrote: [ -> ]Two consecutive ports? You mean the standard way FTP works?
Unfortunately yes
Like I said, I haven't seen this happen in a few years. And then it was with someone's home grown firewall on a Linux server... one that they hadn't configured very well at all.