Hello,
I've noticed that I'm getting really large /usr/local/cpanel/logs/access_log files. The logs get rotated daily. Yesterday, when I checked, the log was over 45MB! I cat out the log file and see a bunch of stuff like this:
There's also logs for other IP addresses but the most seem to be from the loopback IP. Is this normal and is there a way to figure out what exactly is going on? It makes it very hard to see who's trying to access my cPanel stuff with all these reports. Any help would be greatly appreciated.
I've noticed that I'm getting really large /usr/local/cpanel/logs/access_log files. The logs get rotated daily. Yesterday, when I checked, the log was over 45MB! I cat out the log file and see a bunch of stuff like this:
Code:
127.0.0.1 - - [02/15/2016:07:01:20 -0000] "GET / HTTP/1.0" 401 0 "" "Cpanel::HttpRequest/2.1" "-" "-" 2086
127.0.0.1 - - [02/15/2016:07:01:20 -0000] "GET / HTTP/1.0" 401 0 "" "Cpanel::HttpRequest/2.1" "-" "-" 2086
127.0.0.1 - - [02/15/2016:07:01:20 -0000] "GET / HTTP/1.0" 401 0 "" "Cpanel::HttpRequest/2.1" "-" "-" 2086
127.0.0.1 - - [02/15/2016:07:01:20 -0000] "GET / HTTP/1.0" 401 0 "" "Cpanel::HttpRequest/2.1" "-" "-" 2086
127.0.0.1 - - [02/15/2016:07:01:20 -0000] "GET / HTTP/1.0" 401 0 "" "Cpanel::HttpRequest/2.1" "-" "-" 2086
127.0.0.1 - - [02/15/2016:07:01:33 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 20 0 0 "" "-" "-" "-" 2086
127.0.0.1 - - [02/15/2016:07:06:32 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 20 0 0 "" "-" "-" "-" 2086
127.0.0.1 - - [02/15/2016:07:11:33 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 20 0 0 "" "-" "-" "-" 2086