The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel_magic_revision --> Looks like the hackers found something new to attack?

Discussion in 'General Discussion' started by jols, Jul 15, 2008.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Suddenly I am seeing tons of stuff like this in the general Apache logs:

    203.30.105.238 - - [14/Jul/2008:00:48:24 -0500] "GET /cPanel_magic_revision_1184740262/webmail/x3/images/squirrelmail_logo.gif HTTP/1.0" 200 3511
    203.30.105.238 - - [14/Jul/2008:00:48:24 -0500] "GET /cPanel_magic_revision_1184740262/webmail/x3/images/horde.gif HTTP/1.0" 200 1579
    203.30.105.238 - - [14/Jul/2008:00:48:24 -0500] "GET /cPanel_magic_revision_1127657883/3rdparty/roundcube/skins/default/images/roundcube_logo.png HTTP/1.0" 200 4868
    203.30.105.238 - - [14/Jul/2008:00:48:24 -0500] "GET /cPanel_magic_revision_1184740284/webmail/x3/branding/password.jpg HTTP/1.0" 200 1263
    203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1184740284/webmail/x3/branding/forwardersemail.gif HTTP/1.0" 200 1372
    203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1184740280/webmail/x3/branding/responder.jpg HTTP/1.0" 200 685
    203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1184740281/webmail/x3/branding/manageaccounts.gif HTTP/1.0" 200 1639
    203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1184740285/webmail/x3/branding/boxtrapper.gif HTTP/1.0" 200 1688
    203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1184740281/webmail/x3/branding/ufiltering.jpg HTTP/1.0" 200 685
    203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1210150413/webmail/x3/js/webmaillogin_optimized.js HTTP/1.0" 200 4676
    203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1184740262/webmail/x3/images/getstart-bg.jpg HTTP/1.0" 200 2784
    203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1184740262/webmail/x3/images/getstart-bg.jpg HTTP/1.0" 200 2784
    203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1184740262/webmail/x3/images/getstart-bg.jpg HTTP/1.0" 200 2784
    203.30.105.238 - - [14/Jul/2008:00:48:25 -0500] "GET /cPanel_magic_revision_1184740262/webmail/x3/images/getstart-bg.jpg HTTP/1.0" 200 2784


    Anyone know what the heck this may be all about?

    Thanks much.
     
  2. DaveUsedToWorkHere

    DaveUsedToWorkHere Well-Known Member

    Joined:
    Dec 28, 2001
    Messages:
    689
    Likes Received:
    1
    Trophy Points:
    18
    These should not be successful. cPanel Magic Revision is a caching system which caches things like images and css sheets so your users don't have to reload them each time they user the interface. None of the cPanel Magic Revision items are available over port 80 unless you've configured apache to serve pages out of /usr/local/cpanel/ or any of its subdirectories.

    You may wish to submit a ticket (see the link in my signature) so we can investigate why these requests are succeeding. I tested this on a live server here an was unable to reproduce.
     
  3. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,460
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    You might be seeing those in the Apache logs if your users are using the Proxy Access feature (e.g. cpanel.example.com) to access the cPanel services.
     
  4. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Okay, thanks very much.
     
Loading...
Similar Threads - cPanel_magic_revision Looks hackers
  1. Valetia
    Replies:
    1
    Views:
    361

Share This Page