Skip to main content

Suspicious bot Cpanel-HTTP-Client hitting our server

Comments

4 comments

  • Jcats
    So what I think is happening is, those are servers where the domain USED to reside on, and their AutoSSL checker is still running on the domains as they most likely still exist on that server, but since the DNS is pointing to your server they are now hitting your server. If you go to each IP: - Removed - You can see they are cPanel servers as well. Its safe to ignore them, they are not doing anything malicious, once the domains are removed from the old server, they will stop.
    0
  • caisc
    @Jcats dont think so coz some domains are hosted with us since long time and never used OVH server. Random domains random bot IPs give me feel of a fake bot pretending to be from cpanel.
    0
  • Jcats
    Not sure what else it could be, I don't see the significance behind what they are trying to do. They are trying to find locations of scripts that are used to simply verify the ownership of a domain, even if they did hit on one of the files, it contains no information at all that can be used in anyway. Try grepping those IP's through all your domlogs and see if they are doing anything else, if it seems malicious just block the IPs.
    # grep -r '192.151.150.194\|188.165.1.62' /usr/local/apache/domlogs/
    0
  • cPanelMichael
    Hello @caisc, Could you open a support ticket using the link in my signature so we can take a closer look at the log files to see what's happening? Please post the ticket number here so we can update this thread with the outcome. Thank you.
    0

Please sign in to leave a comment.