How can i disable access to cgi-sys/defaultwebpage.cgi

[Mr.Novo]

Hi,

Lately i'm getting tons of requests to https://serverhostname.com/cgi-sys/defaultwebpage.cgi

Which is causing high load.

CSF not blocking or mitigating anything. I've disabled the redirect but i think attacks are directly to that page.

Is there anyway to completely disable the path ?

 

[Mr.Novo]

Well files located at /usr/local/cpanel/cgi-sys

I've changed file names seems that will hold it for a while unless they try something else.

 

[cPanelAnthony]

Hello! That default website page is reached when traffic can't be served to the web page properly. This can happen if the DNS isn't configured right, or if there is an IP mismatch. There would be no way to disable this specifically due to that. It is likely someone is hitting your website or domain and getting redirected to the default page.

 

[Mr.Novo]

Hi @cPanelAnthony

I know how that works. The main problem is i'm receiving GET attacks to http://server.hostname.com (main hostname of server) and of course its redirecting to defaultwebpage.cgi

I've changed file name so it returns 403 and added rules to mod_sec to block more than 5 times 403 requests. It works when i try to refresh 5 times but it does not work for attacker.

Almost all requests (attacks) comes from googleusercontent.com. Is there a known method to prevent or mitigate these type of attack ?

Currently mod_sec is active, my server is behind a WAF and CSF running (CSF not blocking anything btw unless i manually add the IP address)

Here some rows from /usr/local/apache/access_log

34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.81.247.124 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.81.247.124 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.81.247.124 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.81.247.124 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:36 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.105.52.184 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"
34.81.247.124 - - [22/Nov/2021:13:13:37 +0300] "GET / HTTP/1.1" 200 163 "-" "-"

Regards.