• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Issue Googlebots bypassing Nginx

tkalfaoglu

tkalfaoglu

Silver Pleskian
Server operating system version
AlmaLinux
Plesk version and microupdate number
Obsidian
Hi there. I noticed a high CPU usage in a server of ours and went to check it..

We are getting hit hard by the google bots.. the access_ssl_log contains thousands/millions of entries like:

66.249.66.204 - - [14/Nov/2022:13:18:57 +0300] "GET /index.php?rp=%2Fknowledgebase%2Ftag%2Fbar%C4%B1nd%C4%B1rmalanguage%3Dturkishlanguage%3Destonianlanguage%3Dgermanlanguage%3Destonianlangu
age%3Ddutchlanguage%3Dromanianlanguage%3Destonianlanguage%3Dczechlanguage%3Dukranianlanguage%3Dhungarianlanguage%3Darabiclanguage%3Dczechlanguage%3Dukranianlanguage%3Dswedishlanguage%3Dport
uguese-ptlanguage%3Dromanianlanguage%3Dczechlanguage%3Dportuguese-brlanguage%3Dczechlanguage%3Drussianlanguage=ukranian HTTP/1.0" 200 7070 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X B
uild/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Mobile Safari/537.36 (compatible; Googlebot/2.1; +What Is Googlebot | Google Search Central | Documentation | Google Developers)"
Click to expand...

I checked the IP and it is google indeed. I checked the settings why nginx is not being used for these innocent queries (the log file proxy_access_log file is not being used much), and although the nginx/apache settings are very permissive for this domain, they are not used:

[ ] HTTP no-cache headers are received in request
[X] HTTP authorization headers are received in request
[ ] GET nocache parameter is received in request

Any ideas what to do and how to channel these "attacks" to nginx instead?
Thanks! -t
 
But you are right -- I had to stop this, it was looping (the language parameter kept repeating), so I added the Googlebot to the string, and now it's getting 403 instead.. I already had the nginx command for a dozen more bots anyway..
Regards, -turgut
 
tkalfaoglu said:
I checked the IP and it is google indeed. I checked the settings why nginx is not being used for these innocent queries (the log file proxy_access_log file is not being used much), and although the nginx/apache settings are very permissive for this domain, they are not used:
Click to expand...
Plesk configures nginx so that accesses that are passed to apache are not logged. ("access_log off;" in the location section)
 
You must log in or register to reply here.

Similar threads

M
Question Has my site been attacked?
Replies
8
Views
1K
Peter Debik
P
Aethem
Resolved Nginx error 403 -Css not load for admin url
Replies
11
Views
2K
Aethem
Aethem
D
Resolved rel="canonical" response header is lost between Apache and Nginx proxy
Replies
6
Views
1K
Deleted member 209767
D
WhiteTiger
Issue Nginx error 504 Gateway Time-out
Replies
2
Views
3K
WhiteTiger
WhiteTiger
N
Issue 500 Internal Server Error for one of my websites
Replies
7
Views
3K
sergiomb
sergiomb
Back
Top