Supposedly my computer keeps connecting to port 80, resulting in IP block

Discussion in 'Mac OS X Lion (10.7)' started by elbirth, Jul 22, 2012.

  1. macrumors 65816

    Joined:
    Jan 19, 2006
    Location:
    North Carolina, US
    #1
    Over the past couple months, I have become unable to reach my own website, and each time I've put in a support ticket about it, it turns out that my IP has been blocked for excessive (over 100 they say) connections to port 80.
    I get them to unblock my IP and then it'll go for a week or so and I'll notice I can't reach it again, and I repeat this cycle.

    They insist that it must be a virus/trojan on my computer causing the connections. While I'm not completely ruling it out, I have Little Snitch installed and always pay close attention to what I'm allowing or denying connections to, and nowhere in the existing rules or anything I ever see does it show a request that would fit this description.
    I also downloaded MacScan (which is on a 7-day trial without buying it) and I'm currently 4 hours into a full scan (so far over 300,000 files), with no spyware detected as of yet.

    I'm fairly sure it'll come up clean, so I'm reaching out to you guys. I've done a tcpdump and looked through it as much as I can and can't see where my computer is even connecting to my site. They say I have over 100 connections to it, but even Google Analytics is only telling me that my site in the past 30 days has receive 93 hits total so far (not just unique).

    Is there something else I can do to ensure that I'm clean? There are other machines (Windows-based) on my network, but none of them have been to my site before. Granted one of them could be infected, but is there anyway to use port mapping for example to allow only my computer on the network to reach my site and prevent it from any of the others to ensure it's not them too?
     
  2. macrumors 6502

    jji7skyline

    Joined:
    Aug 10, 2011
    #2
    Port 80 is the default Apache web server port, for HTTP servers. Check that your built in web servers on your Mac are turned off.

    As far as I know though, you would have to port-forward the port 80 to get it to work, so your port80 must be open somehow.

    Try using this tool to check if port 80 is open. If so, you will have to configure your router to not forward this port.

    Routers close these ports by default, so I don't know how it would be open unless you messed around with it for a web server or something.

    It could be of course, one of your Windows computers if they are on the same network. Do a virus scan on them (as you're supposed to on a daily basis anyway).

    But again, I don't see how a virus on a computer could mess up router settings.

    What is your router?
     
  3. thread starter macrumors 65816

    Joined:
    Jan 19, 2006
    Location:
    North Carolina, US
    #3
    Port 80 is closed on this computer, but I'm not sure that it would be the problem even if so. I may not have explained very well initially, so just in case, let me try to reword this a little- The issue is with a remote host that I pay for web hosting- on their end, it appears as though I am using a browser to access my site that they host via port 80 (as any normal web traffic would be). But, it's apparently hitting the server over 100 times, although I'm not sure over what period of time. As a result, my IP gets blocked, so I can't even ping their server at all. I have a friend who also hosts a site on the same server, and I can't access his site either when this happens.

    It looks like virus definitions and scans are all up to date on the Windows machines on the network, so I don't think they're causing the trouble either. Short of making everyone keep their computers offline for a week, I'm wondering if I can limit my local network traffic such that only my computer can access my remote host. I'm using an AirPort Extreme
     
  4. macrumors 6502

    jji7skyline

    Joined:
    Aug 10, 2011
    #4
    Oh, ok, so this isn't a problem with your ISP?

    I see now. Check Activity monitor for any activity that might be accessing that website.

    The simplest way would be to switch hosts. Hosts are easy to come by and there is no reason to stay with one. I'd recommend 000webhost and 1freehosting as they both offer great free web hosting services. I've not had a single problem with them both.
     
  5. thread starter macrumors 65816

    Joined:
    Jan 19, 2006
    Location:
    North Carolina, US
    #5
    Yeah exactly, it's just a web hosting company, Arvixe, that's been giving me a fit. They've been a fantastic host for almost 2 years now with no issues until now, and with stacking coupons I had found, it's extremely affordable, and I just hate dealing with changing hosts if I can help it.
    I feel like it's a problem on their end, as they recently migrated all of the sites on the shared box that I'm on to newer/better hardware and that's when this issue started happening.

    I also realized that I have a weekly Wordpress backup to Dropbox, so I've disabled that for the time being to see if it's somehow related. It should be Dropbox's IP hitting the site though, not mine, so I don't think that's it. I should be good for another week as of today though, and I'll see if it resolves itself since I haven't been able to find any other possible answers.

    Also- how would I go about using Activity Monitor to see specific web activity? I've just only known about the overall inbound/outbound traffic, but didn't know it was possible to monitor anything specific.
    I've done a tcpdump in Terminal and tried searching through it and haven't see anything at least.
     
  6. macrumors 6502

    jji7skyline

    Joined:
    Aug 10, 2011
    #6
    My mistake, I meant look at the Console, /Applications/Console. Once I had an application that kept sending something to a server even after I uninstalled it, possibly personal information. It went away only after a clean install :p
     
  7. thread starter macrumors 65816

    Joined:
    Jan 19, 2006
    Location:
    North Carolina, US
    #7
    A ha! Thanks, will definitely look that over. Maybe once Mountain Lion is out and I've got installed, my issue will vanish as well :\
     
  8. macrumors 6502

    jji7skyline

    Joined:
    Aug 10, 2011
    #8
    I definitely hope so. Also check if anyone else in the house is experimenting with PHP or that kind of stuff :p
     

Share This Page