Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

whm-server-status requests

Discussion in 'Security' started by dzamanakos, Mar 25, 2019.

Tags:
  1. dzamanakos

    dzamanakos Well-Known Member

    Joined:
    Feb 15, 2014
    Messages:
    46
    Likes Received:
    2
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hi, i'm using litespeed and i've noticed in my /var/log/apache/error_log lines like :
    [127.0.0.1:34460] File not found [/var/www/html/whm-server-status]
    [127.0.0.1:34466] File not found [/var/www/html/whm-server-status]
    [127.0.0.1:34468] File not found [/var/www/html/whm-server-status]
    [127.0.0.1:34472] File not found [/var/www/html/whm-server-status]
    [127.0.0.1:34474] File not found [/var/www/html/whm-server-status]
    [127.0.0.1:34478] File not found [/var/www/html/whm-server-status]
    [127.0.0.1:34488] File not found [/var/www/html/whm-server-status]

    In /var/log/apache2/access_log i get :
    127.0.0.1 - - [20/Mar/2019:09:14:17 +0200] "GET /whm-server-status HTTP/1.1" 404 10073 "-" "HTTP-Tiny/0.070"

    I have almost 1 request every 1-2 seconds to both log files.

    I dont know if that requests come from some cpanel service that is trying to check if apache is up or something about apache status, or someone runs scripts in order to use the security problem posted some time ago for cpanel's apache whm-server-status (Massive Security Flaw Found In Shared Hosting Providers).

    If that request comes from cpanel service, how can i disable it, as it's logging (hard disk i/o without reason) too many lines?

    If it's not coming from cpanel, is there a way to check which user is trying to connect (user domain logs dont have requests to that url)?

    best regards,
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,272
    Likes Received:
    2,154
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @dzamanakos,

    LiteSpeed does not support the use of the whm-server-status page and thus "File not found" errors are reported in the error log whenever a cPanel & WHM feature that relies on the page attempts to access it. It's used across multiple features, so there's no way to easily disable those local access attempts at this time. We do have a internal case open (ZC-4828) to explore removing the reliance on whm-server-status. There's no time frame to offer at this time, but I'll update this thread more information on it's status as it becomes available.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Del Drago likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice