The Community Forums

Google Bot triggering password resets

Discussion in 'General Discussion' started by neur0, Nov 17, 2014.

  1. neur0

    neur0 Member

    Joined:
    Feb 22, 2013
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I noticed that Google bot is triggering password resets for users.
    Access Log excerpt:
    Code:
    "GET /resetpass/?action=reset&user=username&confirm=code HTTP/1.1" 200 0 "" "AdsBot-Google (+http://www.google.com/adsbot.html)" "-"
    "GET /resetpass/?user=username&action=reset&confirm=code HTTP/1.1" 200 0 "" "AdsBot-Google (+http://www.google.com/adsbot.html)" "-
    I checked the IP addresses and it looks like it really _is_ Google.

    What would be the best way to prevent these?
     
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,748
    Likes Received:
    84
    Trophy Points:
    353
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    Add the below to your robots.txt:

    User-agent: AdsBot-Google
    Disallow: /resetpass
     
  3. neur0

    Thanks for the reply.
    I'm not sure where I need to put this robots.txt since it's the cPanel's daemon login that I need to restrict.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,179
    Likes Received:
    1,935
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    The URL you referenced would produce a 404 error page. Are you saying it's triggering the cPHulk brute force detection application or showing up in /usr/local/cpanel/logs/access_log?

    Thank you.
     
  5. dalem

    The question is, why would Google be trying to spider your cPanel login?
     
  6. neur0

    It's not triggering the brute force protection; it's in the /usr/local/cpanel/logs/access_log (status code 200).
    A user reported getting the confirmation mail for the password reset request, and I can confirm this from the exim log.

    I honestly don't know why GoogleBot would be interested in those pages.
     
  7. cPanelMichael

    You could set up a custom firewall or Mod_Security rule that blocks access attempts to that URL.

    Thank you.
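
An added example, not part of the thread and not cPanel code: a small scan that lists which users had a `/resetpass` confirmation link fetched by a self-identified crawler, so the hits can be matched against the exim log as described above. The sample lines are constructed in the shape of the excerpt in the first post; the function name and the crawler pattern are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (placeholder users and codes), same shape as the excerpt.
SAMPLE_LOG = '''\
"GET /resetpass/?action=reset&user=alice&confirm=PLACEHOLDER1 HTTP/1.1" 200 0 "" "AdsBot-Google (+http://www.google.com/adsbot.html)" "-"
"GET /resetpass/?user=bob&action=reset&confirm=PLACEHOLDER2 HTTP/1.1" 200 0 "" "AdsBot-Google (+http://www.google.com/adsbot.html)" "-"
"GET /resetpass/?user=carol&action=reset&confirm=PLACEHOLDER3 HTTP/1.1" 200 0 "" "Mozilla/5.0 (X11; Linux x86_64)" "-"
"GET /resetpass/ HTTP/1.1" 200 0 "" "AdsBot-Google (+http://www.google.com/adsbot.html)" "-"
'''

# Fields: request line, status, size, referer, user agent. search() is used
# so any prefix a real log line carries (client IP, timestamp) is ignored.
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Assumption: crawlers are recognised by these substrings in the User-Agent.
BOT_RE = re.compile(r'bot|crawl|spider|slurp', re.IGNORECASE)


def find_bot_reset_hits(log_text):
    """Return one dict per crawler request that carried a reset confirmation."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group('target'))
        if not url.path.startswith('/resetpass'):
            continue
        # parse_qs makes the check independent of parameter order,
        # which differs between the two lines in the excerpt.
        query = parse_qs(url.query)
        if query.get('action') != ['reset'] or 'confirm' not in query:
            continue
        if not BOT_RE.search(m.group('ua')):
            continue
        # The confirm value is a secret, so it is deliberately not recorded.
        hits.append({
            'user': query.get('user', ['?'])[0],
            'status': int(m.group('status')),
            'agent': m.group('ua').split(' ')[0],
        })
    return hits


if __name__ == '__main__':
    for hit in find_bot_reset_hits(SAMPLE_LOG):
        print(hit)
```

The User-Agent header is client-supplied, so a match here only shows what the client claimed to be; checking the source IP, as done in the first post, is a separate step.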
     