The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apache retrieving MIRRORING.FROM from itself

Discussion in 'Security' started by movielad, Nov 8, 2011.

  1. movielad

    movielad Well-Known Member
    PartnerNOC

    Joined:
    May 14, 2003
    Messages:
    107
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    DataCenter Provider
    We've a customer who has noticed the following

    xxx.xxx.xxx.xxx - - [08/Nov/2011:04:01:58 +0000] "GET
    /pub/mirrors/ftp.cpan.org/MIRRORING.FROM HTTP/1.0" 403 255 "-" "-"
    xxx.xxx.xxx.xxx - - [08/Nov/2011:04:02:22 +0000] "GET /MIRRORING.FROM
    HTTP/1.0" 403 255 "-" "

    in the log files of his domain and was wondering if anybody could shed some light on what it's referring to. The xxx.xxx.xxx.xxx is the server's own IP so it's attempting to retrieve the URL itself.
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    How frequently is this happening in the log files? Is there some cron associated with it basically?
     
  3. movielad

    movielad Well-Known Member
    PartnerNOC

    Joined:
    May 14, 2003
    Messages:
    107
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    DataCenter Provider
    I'm getting more information from the customer, but is there anything within the cPanel/WHM system that would generate these log entries? I can't see anything obvious in the root's crontab.
     
  4. minosjl

    minosjl Well-Known Member

    Joined:
    Jun 4, 2011
    Messages:
    168
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    cPanel Access Level:
    Root Administrator
    hi ,

    please check the domain account user crontab by issuing the command crontab -l -u user in shell .

    What about the domain user account ,does cpanel user have permission to run the cpan shell ?
     
  5. movielad

    movielad Well-Known Member
    PartnerNOC

    Joined:
    May 14, 2003
    Messages:
    107
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    DataCenter Provider
    There's nothing in the user's crontab to suggest the action - all jobs are PHP processes anyway. To confirm: this particular log entry relates to a specific user, there appears to be nothing to suggest within the root or user crontab that something would touch CPAN stuff. The origin IP is the server's public IP.

    Regards,

    Martyn
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Can you check /var/log/cron to see if any cron is showing there during the times this is happening rather than checking individual crontabs? There are so many cron locations (/var/spool/cron, /etc/crontab for /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly, and /etc/cron.monthly cron folders which have individual cron jobs) that is makes more sense to check /var/log/cron for the cron logs to see if any cron is logged as running during the times this is happening.

    Edit: It appears a ticket was opened about this matter (ticket number 2016817). Please always update a thread with an open ticket and mention the forum thread in the ticket opened whenever possible to make it easier to know what has been discussed and follow up on any resolution. Thanks!
     
Loading...

Share This Page