Foreign IP address appears in Action Log in "Plesk component upgrade" action properties

Created:

2016-11-16 13:07:01 UTC

Modified:

2017-08-08 13:35:51 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Foreign IP address appears in Action Log in "Plesk component upgrade" action properties

Applicable to:

  • Plesk 12.0 for Linux

Symptoms

Plesk Action Log shows "Plesk component upgrade" events with non-local and un-recognized IP address of origin: 203.0.113.2 admin [2013-06-04 11:19:32] 'Plesk component upgrade' ('COMP_SERVICE_NODE': '1' => '1', 'Plesk component name': 'awstats' => 'awstats')
203.0.113.2 admin [2013-06-04 11:19:33] 'Plesk component upgrade' ('COMP_SERVICE_NODE': '1' => '1', 'Plesk component name': 'bind' => 'bind')
203.0.113.2 admin [2013-06-04 11:19:33] 'Plesk component upgrade' ('COMP_SERVICE_NODE': '1' => '1', 'Plesk component name': 'courier-imap' => 'courier-imap')
203.0.113.2 admin [2013-06-04 11:19:34] 'Plesk component upgrade' ('COMP_SERVICE_NODE': '1' => '1', 'Plesk component name': 'httpd' => 'httpd')

Cause

Plesk updates information about installed components in background, when opening login page. This update is required to be aware of any updates in list of available components and therefore functions, available to control panel user. Such check is not performed every time, but with certain period, once data about installed components is considered outdated.

Presence of foreign IP address in logs means that someone visited Plesk login page and Plesk ran component update check in background. However, presence of such records does not indicate unauthorized access to control panel.

In short, such records can be safely ignored.

Have more questions? Submit a request
Please sign in to leave a comment.