Port 2222 – DirectAdmin/SSH (Secure Shell)

Why It’s Open

Port 2222 is commonly used as an alternate SSH port and is the default port for DirectAdmin, a popular web hosting control panel. System administrators often move SSH to this port to avoid automated scanning and attacks targeting the default port 22, while hosting providers use it for DirectAdmin’s secure remote management.

Organizations may have this port open either for alternate SSH access or DirectAdmin management interfaces. It’s particularly common in web hosting environments where DirectAdmin provides server and website management capabilities.

Common Risks

• Brute Force Attacks
  Despite being non-standard, still targeted by attackers.
• Weak Authentication
  Default or weak credentials in DirectAdmin installations.
• Version Exploits
  Unpatched SSH or DirectAdmin vulnerabilities.
• Configuration Issues
  Misconfigurations in access controls or key management.
• Information Disclosure
  Service banners may reveal software versions.

Want to save time on reporting?

Let PentestPad generate, track, and export your reports - automatically.

Book a Demo

Enumeration & Testing

Check if it’s open:

nmap -sT -p 2222

Test SSH connection:

ssh -p 2222 user@

Check DirectAdmin:

curl -k https://:2222

What to Look For

Mitigation

• Strong Authentication
  Implement key-based auth and disable password login.
• Access Controls
  Restrict access to trusted IP ranges.
• Regular Updates
  Keep SSH and DirectAdmin patched.
• Rate Limiting
  Implement connection throttling.
• Monitoring
  Enable comprehensive logging of access attempts.

TL;DR

• Port 2222 = SSH alternate / DirectAdmin
• Common in hosting environments
• Target for automated attacks
• Needs strong access controls

Known CVEs and Exploits

• CVE-2023-48795 – SSH transport protocol “Terrapin Attack” vulnerability
• CVE-2021-46417 – DirectAdmin privilege escalation vulnerability
• CVE-2020-14002 – SSH server memory corruption vulnerability