Security Issues
What an issue means, how severities are ranked, and the fix-and-resolve workflow with ready-made commands.
A security issue (alert) means a scan found a port open to the internet that you have not marked as expected. Each issue explains, in plain language, what the port is, why it matters, and exactly how to close it.
Severity levels
| Severity | Triggered by |
|---|---|
| Critical | Exposed data stores and remote access: ports 3306 (MySQL), 5432 (PostgreSQL), 27017 (MongoDB), 6379 (Redis), 3389 (RDP), 5900 (VNC), 23 (Telnet), 445 (SMB), 139 (NetBIOS). |
| High | Unencrypted or commonly attacked services: ports 22 (SSH (assume no key auth)), 21 (FTP), 25 (SMTP), 110 (POP3), 143 (IMAP), 8080 (HTTP Alt), 8443 (HTTPS Alt). |
| Medium | Application and development servers: ports 8000 (Common dev port), 3000 (Node.js), 5000 (Flask), 9000 (PHP-FPM), 4000 (Development), 5001 (Development). |
| Low | Standard web ports (80, 443) and anything not in a higher tier. |
Fixing an issue
- 1
Open the issue
Read the explanation. It says what is exposed and what the risk is.
- 2
Choose your platform
Fix commands are generated for your firewall:
ufw,iptables,aws_sg,gcp_fw,azure_nsg,generic. Copy, review, run. - 3
Mark it fixed
Click I've Fixed This. If a later scan still finds the port open, the issue comes back, so you know for sure.
Closing some ports can lock you out (SSH, remote desktop). When a fix is risky, the commands come with a warning. Read it before you run anything.
Issues resolve themselves too
If a scan finds a previously-alerted port closed, the issue is resolved automatically. And if the port was actually supposed to be open, use Allow this port on the issue. That creates an Allowed Ports rule and resolves the issue in one step.