The Community Forums


Google Bot triggering password resets

Discussion in 'General Discussion' started by neur0, Nov 17, 2014.

  1. neur0

    neur0 Member

    I noticed that Google bot is triggering password resets for users.
    Access Log excerpt:
    Code:
    "GET /resetpass/?action=reset&user=username&confirm=code HTTP/1.1" 200 0 "" "AdsBot-Google (+http://www.google.com/adsbot.html)" "-"
    "GET /resetpass/?user=username&action=reset&confirm=code HTTP/1.1" 200 0 "" "AdsBot-Google (+http://www.google.com/adsbot.html)" "-"
    I checked the IP addresses and it looks like it really _is_ Google.

    What would be the best way to prevent these?
     
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Add the below to your robots.txt:

    User-agent: AdsBot-Google
    Disallow: /resetpass
     
  3. neur0

    neur0 Member

    Thanks for the reply.
    I'm not sure where I need to put this robots.txt since it's the cPanel's daemon login that I need to restrict.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    The URL you referenced would produce a 404 error page. Are you saying it's triggering the cPHulk brute force detection application or showing up in /usr/local/cpanel/logs/access_log?

    Thank you.
     
  5. dalem

    dalem Well-Known Member
    PartnerNOC

    The question is, why would Google be trying to spider your cPanel login?
     
  6. neur0

    neur0 Member

    It's not triggering the brute force protection; it's in the /usr/local/cpanel/logs/access_log (status code 200).
    A user reported getting the confirmation mail for the password reset request, and I can confirm this from the exim log.

    I honestly don't know why GoogleBot would be interested in those pages.
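
Added example (not posted by anyone in this thread): a Python scan of access-log lines in the shape of the excerpt in the first post, listing password-reset confirmation URLs that were fetched by a crawler user agent and which users were affected. The sample lines, usernames, codes and the crawler pattern are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines shaped like the excerpt in the thread (request,
# status, bytes, referer, user agent); usernames and codes are made up.
SAMPLE_LOG = '''\
"GET /resetpass/?action=reset&user=alice&confirm=AAAA1111 HTTP/1.1" 200 0 "" "AdsBot-Google (+http://www.google.com/adsbot.html)" "-"
"GET /resetpass/?user=bob&action=reset&confirm=BBBB2222 HTTP/1.1" 200 0 "" "AdsBot-Google (+http://www.google.com/adsbot.html)" "-"
"GET /resetpass/?action=reset&user=carol&confirm=CCCC3333 HTTP/1.1" 200 0 "" "Mozilla/5.0 (X11; Linux x86_64)" "-"
"GET /login/ HTTP/1.1" 200 512 "" "AdsBot-Google (+http://www.google.com/adsbot.html)" "-"
'''

# "METHOD target PROTO" status bytes "referer" "user agent"
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)
# Assumed crawler markers; extend for the agents seen in your own log.
CRAWLER_RE = re.compile(r'bot|crawl|spider|slurp', re.IGNORECASE)


def crawler_resets(lines):
    """Return (user, user_agent, status) for reset confirmations fetched by crawlers."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not in the expected shape; skip rather than guess
        url = urlsplit(m['target'])
        params = parse_qs(url.query)  # parameter order does not matter
        is_reset = (url.path.rstrip('/') == '/resetpass'
                    and params.get('action') == ['reset']
                    and 'confirm' in params)  # the code itself is never returned
        if is_reset and CRAWLER_RE.search(m['ua']):
            hits.append((params.get('user', ['?'])[0], m['ua'], int(m['status'])))
    return hits


def summarize(hits):
    """Count crawler-fetched reset confirmations per affected user."""
    return Counter(user for user, _ua, _status in hits)


if __name__ == '__main__':
    for user, count in summarize(crawler_resets(SAMPLE_LOG.splitlines())).items():
        print(f'{user}: {count} reset confirmation(s) fetched by a crawler')
```

A user-agent string alone does not prove the request came from Google; the source addresses still need to be checked separately, as the original poster did.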
     