Hello, use the ssh tool or the server provider's VNC to execute the command to check whether aapanel is normal.
curl -k https://www.aapanel.com/script/aapanel_check.sh | bash
My website has been cloned
aaPanel_Kern Specifically, where is it? Can you take a screenshot for me to see?
Do you mean add it here?
aaPanel_Kern Thanks for replying. I see that there is an issue from the server side, and it's not a problem with the panel. Could you please help confirm this?
aaP_liaowanda777
Hello, this can only be confirmed by you. Can you connect to ssh? Is it possible to use VNC from a server provider
aaPanel_Kern I added it and where can I see the log?
here 
aaPanel_Kern 
I don't see any changes, the log still appears as before
I found his ip address, but when I block the ip, it automatically changes the ip and I check all ips are from this provider.
https://www.whois.com/whois/185.162.11.230
Is there any way to block it?
sanhpv if You're using cloudflare, then You can try to create WAF and block the IPs/Country or ASN from CloudFlare.
Also, if You're targeting specific countries only, then You can create WAF in CF to allow those countries only.
note: don't forget to allow Google ASN if You want to allow specifics countries.
- Edited
Hello, you can try adding a network segment such as:
185.162.11.0/24
or
185.162.0.0/16