cPanel_magic_revision --> Looks like the hackers found something new to attack?

jols

Well-Known Member
Mar 13, 2004
1,107
3
168
Suddenly I am seeing tons of stuff like this in the general Apache logs:

203.30.105.238 - - [14/Jul/2008:00:48:24 -0500] "GET /cPanel_magic_revision_1184740262/webmail/x3/images/squirrelmail_logo.gif HTTP/1.0" 200 3511
203.30.105.238 - - [14/Jul/2008:00:48:24 -0500] "GET /cPanel_magic_revision_1184740262/webmail/x3/images/horde.gif HTTP/1.0" 200 1579
203.30.105.238 - - [14/Jul/2008:00:48:24 -0500] "GET /cPanel_magic_revision_1127657883/3rdparty/roundcube/skins/default/images/roundcube_logo.png HTTP/1.0" 200 4868
203.30.105.238 - - [14/Jul/2008:00:48:24 -0500] "GET /cPanel_magic_revision_1184740284/webmail/x3/branding/password.jpg HTTP/1.0" 200 1263
203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1184740284/webmail/x3/branding/forwardersemail.gif HTTP/1.0" 200 1372
203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1184740280/webmail/x3/branding/responder.jpg HTTP/1.0" 200 685
203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1184740281/webmail/x3/branding/manageaccounts.gif HTTP/1.0" 200 1639
203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1184740285/webmail/x3/branding/boxtrapper.gif HTTP/1.0" 200 1688
203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1184740281/webmail/x3/branding/ufiltering.jpg HTTP/1.0" 200 685
203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1210150413/webmail/x3/js/webmaillogin_optimized.js HTTP/1.0" 200 4676
203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1184740262/webmail/x3/images/getstart-bg.jpg HTTP/1.0" 200 2784
203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1184740262/webmail/x3/images/getstart-bg.jpg HTTP/1.0" 200 2784
203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1184740262/webmail/x3/images/getstart-bg.jpg HTTP/1.0" 200 2784
203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1184740262/webmail/x3/images/getstart-bg.jpg HTTP/1.0" 200 2784


Anyone know what the heck this may be all about?

Thanks much.
 

DaveUsedToWorkHere

Well-Known Member
Dec 28, 2001
686
1
318
These should not be successful. cPanel Magic Revision is a caching system which caches things like images and css sheets so your users don't have to reload them each time they user the interface. None of the cPanel Magic Revision items are available over port 80 unless you've configured apache to serve pages out of /usr/local/cpanel/ or any of its subdirectories.

You may wish to submit a ticket (see the link in my signature) so we can investigate why these requests are succeeding. I tested this on a live server here an was unable to reproduce.
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
79
458
cPanel Access Level
Root Administrator
You might be seeing those in the Apache logs if your users are using the Proxy Access feature (e.g. cpanel.example.com) to access the cPanel services.
 
Thread starter Similar threads Forum Replies Date
T Security 3
G Security 1