Google Bot triggering password resets

neur0

Member
Feb 22, 2013
I noticed that Google bot is triggering password resets for users.
Access Log excerpt:
Code:
"GET /resetpass/?action=reset&user=<username>&confirm=<code> HTTP/1.1" 200 0 "" "AdsBot-Google (+http://www.google.com/adsbot.html)" "-"
"GET /resetpass/?user=<username>&action=reset&confirm=<code> HTTP/1.1" 200 0 "" "AdsBot-Google (+http://www.google.com/adsbot.html)" "-"
I checked the IP addresses and it looks like it really _is_ Google.

What would be the best way to prevent these?

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Thanks for the reply.
I'm not sure where I need to put this robots.txt since it's the cPanel's daemon login that I need to restrict.
The URL you referenced would produce a 404 error page. Are you saying it's triggering the cPHulk brute force detection application or showing up in /usr/local/cpanel/logs/access_log?

Thank you.

neur0

The URL you referenced would produce a 404 error page. Are you saying it's triggering the cPHulk brute force detection application or showing up in /usr/local/cpanel/logs/access_log?

Thank you.
It's not triggering the brute force protection; it's in /usr/local/cpanel/logs/access_log (status code 200).
A user reported getting the confirmation mail for the password reset request, and I can confirm this from the Exim log.

Question is, why would Google be trying to spider your cPanel login?
I honestly don't know why GoogleBot would be interested in those pages.

cPanelMichael

You could set up a custom firewall or ModSecurity rule that blocks access attempts to that URL.

Thank you.
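A small log check, added here as an example and not part of this thread or of cPanel itself: it parses lines in the shape of the access_log excerpt above and lists reset requests that a crawler completed with a 200, which is the symptom to keep watching for whether or not a blocking rule is in place. The sample lines, usernames and confirmation codes are constructed; the crawler user-agent list is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in the shape of the access_log excerpt posted in the thread.
# Usernames and confirmation codes are made up.
SAMPLE_LOG = """\
"GET /resetpass/?action=reset&user=alice&confirm=abc123 HTTP/1.1" 200 0 "" "AdsBot-Google (+http://www.google.com/adsbot.html)" "-"
"GET /resetpass/?user=bob&action=reset&confirm=def456 HTTP/1.1" 200 0 "" "AdsBot-Google (+http://www.google.com/adsbot.html)" "-"
"GET /resetpass/?action=reset&user=carol&confirm=ghi789 HTTP/1.1" 200 0 "" "Mozilla/5.0 (Windows NT 10.0) Firefox/115.0" "-"
"GET /resetpass/?action=reset&user=dave&confirm=jkl012 HTTP/1.1" 404 0 "" "Googlebot/2.1 (+http://www.google.com/bot.html)" "-"
"GET /login/ HTTP/1.1" 200 0 "" "AdsBot-Google (+http://www.google.com/adsbot.html)" "-"
"""

# Request line, status, bytes, referer and user-agent, as in the excerpt above.
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \d+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# Assumed crawler user-agent fragments; extend to whatever shows up in your own log.
CRAWLER_RE = re.compile(r"googlebot|adsbot-google|bingbot", re.IGNORECASE)
RESET_PATH = "/resetpass/"


def parse_line(line):
    """Parse one access_log line into a dict, or return None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query)
    return rec


def find_crawler_resets(log_text):
    """Return (user, user_agent) for crawler GETs to the reset URL that returned 200,
    i.e. requests where merely following a link was enough to complete a reset."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["method"] == "GET" and rec["path"] == RESET_PATH
                and rec["status"] == "200" and CRAWLER_RE.search(rec["ua"])):
            user = rec["query"].get("user", ["?"])[0]
            hits.append((user, rec["ua"]))
    return hits


if __name__ == "__main__":
    for user, ua in find_crawler_resets(SAMPLE_LOG):
        print(f"reset for {user!r} completed by crawler {ua!r}")
```

Run it against the real file with `find_crawler_resets(open("/usr/local/cpanel/logs/access_log").read())`; a non-empty result means the reset is still being completed on a plain GET.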