The need for open ports for licensings
-
By looking at my development server logs, it calls out for a "Daily license update" every day and every time there is an update. The ports the callback server uses are "standard cPanel ports" which need to be accessible by your customers/yourself anyway and so shouldn't be an issue. However, if you are running the server for development purposes or similar, then just restrict which IP addresses can access the server using the two ranges given at the bottom of that page. 0 -
Thank you rbairwell. I use the solo version, so only I need access to these ports, so I use firewall to limit access. Yes, I allow access only from CP's licensing IPs to only one port, still, I prefer to be as secure as possible, but if the check is daily, I will not close the relevant rule and leave it open for the sake of CP's daily licensing check. I think CP needs to mention, in the above mentioned article, that this check is daily, so customers of CP need to make sure this communication is always open. Thank you! 0 -
Yes, I can confirm this check is daily, or every time there is a forced update. We intend that these ports be open all the time to ensure that the server is always ready to receive an update, so I'm not sure how specifically saying a daily check will happen would improve anything. 0 -
Strange, my FW doesn't see any traffic on this rule, for more than a day. I disabled it to see what happens. What do you mean by "forced update"? (besides change of the public IP of the CP installation) 0 -
I believe he means "manual update", which you can do in command line: /scripts/upcp or in WHM -> cPanel -> Upgrade to Latest Version 0 -
oh, so each request for CP version upgrade will cause a license check? 0 -
Correct, unless the license check has happened recently enough where we don't need to do it again. 0 -
As an example, here's what it looks like in the update log: ./update.3146793.133487337.1697669168.log:[2023-11-03 05:34:05 -0400] Checking license ./update.3146793.133487337.1697669168.log:[2023-11-03 05:34:05 -0400] License file check complete
You can check how often the license is checking for an update in /usr/local/cpanel/logs/license_log0 -
Got it, I enabled the rule again, as the risk is low (I hope no one will be able to breach to CP to use its systems against us...) 0
Please sign in to leave a comment.
Comments
9 comments