Book Sale! Save 20% on WordPress books with discount code: SAVE20
Web Dev + WordPress + Security

Enable PHP fsockopen with CSF

[ Mr. PHP fsockopen CSF ] Recently started some sites with Liquid Web hosting, everything going extremely well all around. There was one hiccup (at least for me) where PHP’s fsockopen was not working. At the time, I was trying to figure out why the Whois Lookup feature used by Blackhole Bad Bots was not working. Initial investigation revealed that fsockopen() external HTTP requests were getting blocked somewhere. Everything else worked, including making the requests via cURL.

Further investigation revealed that outgoing requests were blocked only on certain ports. Some ports worked fine but not the one I needed at the time (port 43). After some digging, turns out that CSF firewall is enabled on the server. And guess what, the CSF configuration specifically whitelists which ports are allowed access for incoming, outgoing, and other requests.

Solution

To enable outgoing/external requests to port 43, open /etc/csf/csf.conf via Terminal/SSH (or whatever you’re using to access the server). Make a backup of the file, and then open the original and edit the “outgoing TCP ports” to include your port number(s). Here are the default CSF ports with “43” added to the list:

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,26"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873"

Save changes and done. fsockopen (and anything else) now allowed to make outgoing requests and therefore function properly.

Long Story

Looking at the code, here is the command that was failing:

$sock = fsockopen($server, 43, $num, $error, 20);

Notice the “43”, that is the port number. Now, if we look at the csf.conf file, we see the default whitelisted ports for outgoing requests:

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"

Notice that 43 is not on the list, so not allowed. And THAT my friends is why PHP fsockopen is not working for certain ports.

Step-by-step solution

Now to fix, let’s add our port 43 to the CSF whitelist. Here are detailed steps for those who may need them.

  1. Connect to your server via SSH/Terminal (or whatever you prefer)
  2. Locate the configuration file, csf.conf (e.g., /etc/csf/csf.conf)
  3. Make a quick backup: cp csf.conf csf.conf.bak
  4. Use vi to edit the file (or install/use nano: yum install nano)
  5. In the file, scroll to: TCP_OUT = "20,21,22,25,53,80,110,..."
  6. Add your port(s) to the list, save changes, and exit editor
  7. Now restart CSF so changes take effect: csf -r
  8. Done!

Effective results immediately, fsockopen able to connect on port 43 as required (or whatever port numbers you are working with). And keep in mind that this same process can be used for customizing other aspects of CSF.

Have fun! :)

Jeff Starr
About the Author
Jeff Starr = Web Developer. Security Specialist. WordPress Buff.
Blackhole Pro: Trap bad bots in a virtual black hole.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
WP Themes In Depth: Build and sell awesome WordPress themes.
Thoughts
Currently having a blast redesigning Plugin Planet, so much work so little time.
Thanks to David McCan over at WebTNG for the awesome BBQ Pro review.
Enjoyed a nice mini-vacation with my fam. Great way to recharge and regroup.
Nice little interview with yours truly over at ThemeIsle. WordPress, web dev & more!
Perishable Press celebrating 16 years online! An incredible, rewarding journey.
Thanks to Nicholas Ferrell for his excellent and thorough review of Wutsearch search-engine launchpad.
Great article about using RSS as a Facebook alternative. I use RSS/feeds for news every day. Facebook, not so much.
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.