Why appear this in my cPanel logs? (two websites)


Hi, recently I enabled Cloudflare for two websites (I’m using shared hosting) and since yesterday I found weird stuff in my logs (cPanel)… before CloudFlare this never happend

here are some examples:

· (IP address) /pile/cmd-login=(here_goes_a_lot_of_random_characters) (without_useragent)
· (another IP address) /pile/cmd-login=(here_goes_a_lot_of_random_characters) Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/(sometimes the Chrome version change) Safari/537.36
· (another IP address) (*) Python-urllib/2.7

(*): /webdav /SQLiteManager/main.php /webadmin, etc.

It is something something to fix from my side, it is a issue from a third people doing it to cloudflare or what is happening?


Short answer:

They are searching for specific pages with login promts to brute force or with (known) vulnerabilities to exploit.

Daily business :slightly_frowning_face:

closed #3

This topic was automatically closed after 14 days. New replies are no longer allowed.