The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Premature end of script headers: index.php

Discussion in 'Security' started by postcd, Oct 27, 2014.

  1. postcd

    postcd Well-Known Member

    Joined:
    Oct 22, 2010
    Messages:
    621
    Likes Received:
    6
    Trophy Points:
    18
    Hello, on an WHM server in i see error "Premature end of script headers: index.php" (nothing else, no mentioning on which cpanel account)

    It is there repeatedly and always like 20 times and all in one second, each from another IP.

    Please how to discover which script on server does this?

    When i looked up one of the client IPs mentioned in the error log entry in apache access logs:
    grep -Ril IPHERE /usr/local/apache/domlogs

    i found its mentioned many times acros many cpanel accounts, and the IPs belongs to a crawler

    How can i globally block this crawler on WHM please ?

    Adding this:
    Into Pre virtualhost include it dont blocked it and i still see accesses in access logs
     
    #1 postcd, Oct 27, 2014
    Last edited: Oct 27, 2014
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. postcd

    postcd Well-Known Member

    Joined:
    Oct 22, 2010
    Messages:
    621
    Likes Received:
    6
    Trophy Points:
    18
    That is not what i asked, it is many different IPs.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I have moved this thread to our "Security" forum where you are likely to receive more user-feedback on the custom Mod_Rewrite rules you are seeking.

    Thank you.
     
  5. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    56
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Not a rewrite rule, but an easy modsec rule anyway

    SecRule HTTP_User-Agent "MJ12bot" "deny,status:406,id:3857264"

    This would block any user agent with MJ12bot anywhere in it, including MJ12bot2
     
    postcd likes this.
Loading...

Share This Page