How can i disable access to cgi-sys/defaultwebpage.cgi

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
1,041
112
118
Houston, TX
cPanel Access Level
Root Administrator
Hello! That default website page is reached when traffic can't be served to the web page properly. This can happen if the DNS isn't configured right, or if there is an IP mismatch. There would be no way to disable this specifically due to that. It is likely someone is hitting your website or domain and getting redirected to the default page.
 

Mr.Novo

Active Member
Apr 9, 2017
40
5
58
Istanbul
cPanel Access Level
Root Administrator
Hi @cPanelAnthony

I know how that works. The main problem is i'm receiving GET attacks to http://server.hostname.com (main hostname of server) and of course its redirecting to defaultwebpage.cgi

I've changed file name so it returns 403 and added rules to mod_sec to block more than 5 times 403 requests. It works when i try to refresh 5 times but it does not work for attacker.

Almost all requests (attacks) comes from googleusercontent.com. Is there a known method to prevent or mitigate these type of attack ?

Currently mod_sec is active, my server is behind a WAF and CSF running (CSF not blocking anything btw unless i manually add the IP address)

Here some rows from /usr/local/apache/access_log

Code:
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.81.247.124 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.81.247.124 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.81.247.124 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.81.247.124 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.81.247.124 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
Regards.