wnbhosting.dk
2024-12-27 02:14:53
(2 weeks ago)
WP xmlrpc [2024-12-27T03:14:53+01:00]
Hacking
Web App Attack
weblite
2024-12-27 00:26:56
(2 weeks ago)
LONG_RUNNING WP_XMLRPC_ABUSE
Brute-Force
Web App Attack
Marc
2024-12-26 22:09:30
(2 weeks ago)
Brute-Force
cmbplf
2024-12-26 20:03:24
(2 weeks ago)
2.124 requests from abuseipdb.com blacklisted IP (6mos1w6h)
Brute-Force
Bad Web Bot
wnbhosting.dk
2024-12-26 20:02:06
(2 weeks ago)
WP xmlrpc [2024-12-26T21:02:06+01:00]
Hacking
Web App Attack
wnbhosting.dk
2024-12-26 18:50:09
(2 weeks ago)
WP xmlrpc [2024-12-26T19:50:09+01:00]
Hacking
Web App Attack
Anonymous
2024-12-26 17:44:37
(2 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
BlueWire Hosting
2024-12-26 15:10:26
(2 weeks ago)
Probing for Wordpress vulnerabilities
Bad Web Bot
Web App Attack
psauxit
2024-12-26 11:11:37
(2 weeks ago)
Fail2Ban - NGINX bad requests 400-401-403-404-444, high level vulnerability scanning, commonly xmlrp ... show more Fail2Ban - NGINX bad requests 400-401-403-404-444, high level vulnerability scanning, commonly xmlrpc_attack, wp-login brute force, excessive crawling/scraping show less
Hacking
Web App Attack
Kenshin869
2024-12-26 10:52:05
(2 weeks ago)
Wordpress unauthorized access attempt
Brute-Force
TPI-Abuse
2024-12-26 07:27:18
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.161.172.29 (sv1.saigondata.net): 1 in the l ... show more (mod_security) mod_security (id:240335) triggered by 103.161.172.29 (sv1.saigondata.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 26 02:27:15.397856 2024] [security2:error] [pid 4209:tid 4209] [client 103.161.172.29:52214] [client 103.161.172.29] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.161.172.29 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bogl.no"] [uri "/xmlrpc.php"] [unique_id "Z20FU9gyYzsIfKNg9U8k7AAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-26 07:07:01
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.161.172.29 (sv1.saigondata.net): 1 in the l ... show more (mod_security) mod_security (id:240335) triggered by 103.161.172.29 (sv1.saigondata.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 26 02:06:55.941689 2024] [security2:error] [pid 19411:tid 19411] [client 103.161.172.29:57164] [client 103.161.172.29] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.161.172.29 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bogl.no"] [uri "/xmlrpc.php"] [unique_id "Z20Aj08fiphGZt0zqIQYKgAAAAU"] show less
Brute-Force
Bad Web Bot
Web App Attack
BRHosting
2024-12-26 05:30:06
(2 weeks ago)
Wordpress brute force attack for login credentials (eg xmlrc.php or wp-login.php)
Brute-Force
Web App Attack
TPI-Abuse
2024-12-26 04:26:15
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.161.172.29 (sv1.saigondata.net): 1 in the l ... show more (mod_security) mod_security (id:240335) triggered by 103.161.172.29 (sv1.saigondata.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 25 23:26:11.353091 2024] [security2:error] [pid 2487:tid 2487] [client 103.161.172.29:33612] [client 103.161.172.29] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.161.172.29 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bogl.no"] [uri "/xmlrpc.php"] [unique_id "Z2za4_Qt9OKIQmIWjFXUEQAAAAY"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-26 02:59:42
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 103.161.172.29 (sv1.saigondata.net): 1 in the l ... show more (mod_security) mod_security (id:240335) triggered by 103.161.172.29 (sv1.saigondata.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 25 21:59:35.581551 2024] [security2:error] [pid 12062:tid 12062] [client 103.161.172.29:58544] [client 103.161.172.29] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 103.161.172.29 (+1 hits since last alert)|bogl.no|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bogl.no"] [uri "/xmlrpc.php"] [unique_id "Z2zGl8hepPE1ysmU02ygAQAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack