should I block 9000 port when I using php-fpm?

About

Asked 17/3, 2021 at 7:13 Answered 23/5, 2023 at 7:9

Should I block 9000 port when I using php-fpm?

I want to know that when I open a port 9000 and run php-fpm, can the attacker execute specific file by request my server using port number 9000.

Lissy answered 17/3, 2021 at 7:13 Comment(3)

Port 9000 should be closed for incoming connections in your firewall. There's no reason to allow external requests to PHP-FPM directly. – Warm 17/3, 2021 at 7:15

@MagnusEriksson Thanks you. Did you mean that it is possible to execute external php file by attacker using 9000 port on my server? – Lissy 18/3, 2021 at 9:7

You shouldn't have more ports open than necessary. Basically, block all ports except the ones the application needs to work (like port 80/443 for the web server for example). – Warm 18/3, 2021 at 10:49

You can conf it with

listen = 127.0.0.1:9000

to only allow it been accessed from localhost

And check it

$ netstat -tlnp | grep 9000
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      -

Novelistic answered 17/3, 2021 at 7:18 Comment(0)

-1

I changed the 9000 PHP-FPM port because they put me a malware because of the default port. So it's better you change the 9000 port to another for PHP-FPM

Eggshell answered 23/5, 2023 at 7:9 Comment(2)

As you said, someone can access your FPM port. Hence you should block inbound traffic on your FPM port so that no one can access your FPM server. – Lissy 26/5, 2023 at 2:10

Changing port wouldn't secure your server if you keep it open to public. You have to configure it to listen ONLY to 127.0.0.1 – Plentiful 6/10, 2023 at 18:14

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags