Why is googlebot requesting robots.txt from my SSH server?

Question

I run ossec on my server and periodically I receive a warning like this:

Received From: myserver->/var/log/auth.log
Rule: 5701 fired (level 8) -> "Possible attack on the ssh server (or version gathering)."
Portion of the log(s):

Nov 19 14:26:33 myserver sshd[2105]: Bad protocol version identification 'GET /robots.txt HTTP/1.1' from 66.249.73.226

The IP address always corresponds to a google crawler. But why in the world would googlebot be trying to index my SSH server? We run SSH on the standard, well-known port (22), so it seems like google would know better than to look for a web server there. And we definitely haven't published any links that would lead it to believe otherwise.

score 3 · Answer 1 · edited Nov 20 '13 at 17:32

3

Have you searched google for <Your IP>:22? I'm sure you haven't published it anywhere as you say, but any old idiot can put up a link to anywhere that googlebot can notice. Have you had this IP block for a while?

It seems much less likely, though not impossible, that Google is starting to do something about the 'dark web' that they've talked about before (searching commonly non-firewalled ports for stealth webservers).

There's a no-useful-answer question on Google's forum from a couple years ago where somebody was seeing it on their mail server:

edited Nov 20 '13 at 17:32

voretaq7

79,345
17
128
213

answered Nov 20 '13 at 17:12

Bill McGonigle

647
5
8

I've searched for every hostname/address that resolve to this host, but no results. – Brian Nov 22 '13 at 15:25

Why is googlebot requesting robots.txt from my SSH server?

1 Answers1