Every server listens on numbered ports — from 1 to 65535. Each open port is a potential entry point for attackers. A port scanner tells you which ports are open, so you can close the ones you do not need.
What Is a Port?
A network port is a logical endpoint for communication. When a service runs on a server, it binds to a port number. HTTP binds to port 80. HTTPS binds to port 443. SSH binds to port 22. If a port is open, a service is listening on it.
Common Ports and What They Mean
- Port 22 — SSH (remote shell access). Should be firewalled or moved to a non-standard port.
- Port 80 — HTTP. Should redirect to HTTPS; the port itself can be open.
- Port 443 — HTTPS. Must be open for your website to work.
- Port 3306 — MySQL database. Should NEVER be publicly open.
- Port 3389 — Windows RDP (Remote Desktop). A major attack target — should be firewalled.
- Port 21 — FTP. Insecure — use SFTP (port 22) instead.
- Port 25 — SMTP mail relay. Should be blocked on outbound from most servers.
How to Scan Open Ports
Use Anonymiz Port Scanner to check which ports are open on any IP address or domain. Scan common ports or a custom range. Free, no account needed.
How to Close Unnecessary Ports
Close ports using your server firewall:
# Linux UFW
ufw deny 3306
ufw deny 3389
# Linux iptables
iptables -A INPUT -p tcp --dport 3306 -j DROPOn your hosting control panel (cPanel, aapanel, Plesk), use the Firewall section to block specific ports.
Security Best Practices
- Only open ports that your services actually need.
- Move SSH from port 22 to a non-standard port (e.g. 2222) to reduce automated attacks.
- Use a firewall to restrict access by IP where possible (e.g. only allow database port from your app server IP).
- Re-scan after any server changes to confirm your firewall rules are applied correctly.
