• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Way to block or remove Plesk's screenshot bot from logs

tomzag

New Pleskian
There should be a way to remove, block or filter out log entries made by Plesk screenshot bot, which now triggers each time a domain is opened in new active view, so latest log entries are then "spammed" by screenshot bot, making it clumsy to get to the actual most recent traffic in logs.

If there is a way to do this, please let me know. Apologies if this has been asked and/or answered already.
 
It should only show up once in a while in logs. Could you please provide an example how spammy your logs look?
 
You are correct, I am sorry, multiple refreshes and reloads of domain page caused multiple screenshot bot runs - we had some bad behaviour chasing recently so we spent some hectic times in logs. Sorry for wasting your time.

On a side note, does the fix that I saw mentioned later, the one stating a change in panel.ini, removes screenshot bots' entries completely? Thank you!
 
Have a server being spammed by this bot.

Code:
34.249.90.25 - - [21/May/2024:00:52:39 +0100] "GET /wp-content/uploads/2020/09/sport_1.jpg HTTP/1.0" 200 415 "https://wwwxxxxxxxxx.xx/" "Plesk screenshot bot https://support.plesk.com/hc/en-us/articles/10301006946066"
34.249.90.25 - - [21/May/2024:00:52:39 +0100] "GET /wp-content/uploads/2020/09/fami_1.jpg HTTP/1.0" 200 414 "https://wwwxxxxxxxxx.xx/" "Plesk screenshot bot https://support.plesk.com/hc/en-us/articles/10301006946066"
34.249.90.25 - - [21/May/2024:00:52:39 +0100] "GET /wp-content/uploads/2020/09/contact_me.svg HTTP/1.0" 200 421 "https://wwwxxxxxxxxx.xx/" "Plesk screenshot bot https://support.plesk.com/hc/en-us/articles/10301006946066"
34.249.90.25 - - [21/May/2024:00:52:39 +0100] "GET /wp-content/uploads/2020/09/photo_1.svg HTTP/1.0" 200 1217 "https://wwwxxxxxxxxx.xx/" "Plesk screenshot bot https://support.plesk.com/hc/en-us/articles/10301006946066"
34.249.90.25 - - [21/May/2024:00:52:39 +0100] "GET /wp-content/uploads/2020/09/map_1.svg HTTP/1.0" 200 1217 "https://wwwxxxxxxxxx.xx/" "Plesk screenshot bot https://support.plesk.com/hc/en-us/articles/10301006946066"
34.249.90.25 - - [21/May/2024:00:52:39 +0100] "GET /wp-content/uploads/2020/10/file028669-361x240.svg HTTP/1.0" 200 1217 "https://wwwxxxxxxxxx.xx/" "Plesk screenshot bot https://support.plesk.com/hc/en-us/articles/10301006946066"
34.249.90.25 - - [21/May/2024:00:52:39 +0100] "GET /wp-content/uploads/2020/10/file028635-361x240.svg HTTP/1.0" 200 1217 "https://wwwxxxxxxxxx.xx/" "Plesk screenshot bot https://support.plesk.com/hc/en-us/articles/10301006946066"
34.249.90.25 - - [21/May/2024:00:52:39 +0100] "GET /wp-content/uploads/2020/10/file007812-361x535.svg HTTP/1.0" 200 1051 "https://wwwxxxxxxxxx.xx/" "Plesk screenshot bot https://support.plesk.com/hc/en-us/articles/10301006946066"
34.249.90.25 - - [21/May/2024:00:52:39 +0100] "GET /wp-content/uploads/2020/10/Anette.svg HTTP/1.0" 200 932 "https://wwwxxxxxxxxx.xx/" "Plesk screenshot bot https://support.plesk.com/hc/en-us/articles/10301006946066"

Can we confirm this IP is Plesk?

rDNS shows ec2-34-249-90-25.eu-west-1.compute.amazonaws.com.

D.
 
@Dave W and @Bitpalast did anything change in the behavior of the screenshot service/bot for you?

I don't see any monkey business going on in the log excerpt. The screenshot service requests all files related to the homepage in order to render an image.

@Dave W Rather then blocking the IP, would it not be more effective to disable the screenshot service in the panel.ini configuration?
 
At least it seems that the bot is reading a large number of files that are not related to a website's homepage. It could also be that this is not the real Plesk service, but someone else that spoofs the bot.
 
No, sorry. I saw it a few days ago in one customer account that was causing a high cpu load, but I don't remember which one that was.
 
Can we confirm this IP is Plesk?

rDNS shows ec2-34-249-90-25.eu-west-1.compute.amazonaws.com.
Sorry for the late reply to your actual question. The screenshot service works with a cluster of dynamic workers and IPs are changing constantly. So it's hard to say for sure if this IP address legitimately was used, but since it's belongs to AWS it probably was.

However let me know if you notice some unusual crawling behavior (for example on pages other then the home/index page) in your logs.
 
[...] Yeah you can see from the logs above it was crawling the whole site.
The log excerpt shows that 7 svg and 2 jpg files have been requested by the Plesk bot. That can't be the whole site? If those files are part of the website's index page then those are queried by the Plesk bot too in order to fully render the thumbnail image. To me the log excerpt does not look unusual.
 
Those URLs were not part of the main index page. It crawled the whole site, so i just firewalled the IP. life is quieter now.
 
Back
Top