Question
I received a report that says my server is vulnerable to portmapper attacks. How do I fix this issue with port 111?
Answer
cPanel & WHM does not use rpcbind in any meaningful way. It is a system process that cPanel does not manage. It is generally related to NFS mounts. If the server does not have any of these mounts then the systems administrator should be able to disable the service.
To stop the rcpbind service, run the following commands as root:
systemctl stop rpcbind
systemctl stop rpcbind.socket
To disable the service to ensure it does not start when the server is rebooted, run the following command:
systemctl disable rpcbind
You may also wish to block the port with your server's firewall or a network firewall. This should not impact the cPanel & WHM related services.
To see if the port is open, run this command against your server's IP address to see if it's open:
nmap -Pn -sU -p U:111 --script=rpcinfo 192.0.2.0
What's the difference between a closed port and a filtered port?
If you're unsure of how to proceed with addressing this issue, you may benefit from contacting a system administrator for further investigation. If you do not have such an administrator, you may search for one in our listings here:
Please note, however, that cPanel, LLC does not endorse or recommend any particular provider on that list, nor can we be held liable for any services performed by third-party providers, including those on the list.