FeG Deutschland
2024-08-09 01:33:01
(1 month ago)
Looking for CMS/PHP/SQL vulnerabilities - 13
Exploited Host
Web App Attack
TPI-Abuse
2024-08-09 01:27:47
(1 month ago)
(mod_security) mod_security (id:234930) triggered by 109.120.179.126 (kwzln1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 21:27:41.695533 2024] [security2:error] [pid 1599824:tid 1599824] [client 109.120.179.126:52822] [client 109.120.179.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||meganmurph.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "meganmurph.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZrVwjSkbeojfp0yR0ifiGQAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
hermawan
2024-08-09 01:08:25
(1 month ago)
[Fri Aug 09 07:47:09.415944 2024] [authz_core:error] [pid 976246:tid 134779190117952] [client 109.120.179.126:56072] AH01630: client denied by server configuration: /var/www/administrator/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[976288] [CJ+xe+0R9kw] [ZrVnDcqnT0IkOlFSNGhF2wAAAIA] keep_alive=[0] [2024-08-09 07:47:09.415947] [R:ZrVnDcqnT0IkOlFSNGhF2wAAAIA] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8' Accept-Encoding:'gzip, deflate Accept-Language:'en-US,en;q=0.5 Upgrade-Insecure-Requests:'1
Hacking
Web App Attack
TPI-Abuse
2024-08-09 00:48:24
(1 month ago)
(mod_security) mod_security (id:240000) triggered by 109.120.179.126 (kwzln1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 20:48:16.312123 2024] [security2:error] [pid 26451:tid 26451] [client 109.120.179.126:43874] [client 109.120.179.126] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||acmax.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "acmax.com"] [uri "/home/images/stories/evil.php"] [unique_id "ZrVnUEPsT3GwlCQZaspvogAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-08 23:36:09
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 109.120.179.126 (kwzln1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 19:36:06.268865 2024] [security2:error] [pid 9278:tid 9278] [client 109.120.179.126:55932] [client 109.120.179.126] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.comobarbershop.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.comobarbershop.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZrVWZsFqupRNuLclFw4AOAAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
rsiddall
2024-08-08 23:15:40
(1 month ago)
2024-08-08T19:15:37.877026linnet.elirion.net drupal[12833]: https://uuha.org|1723158937|user|109.120.179.126|https://uuha.org/store/?q=user||0||Login attempt failed for uuha.
2024-08-08T19:15:38.346003linnet.elirion.net drupal[12833]: https://uuha.org|1723158938|user|109.120.179.126|https://uuha.org/store/?q=user||0||Login attempt failed for admin.
2024-08-08T19:15:38.820521linnet.elirion.net drupal[12833]: https://uuha.org|1723158938|user|109.120.179.126|https://uuha.org/store/?q=user||0||Login attempt failed for administrator.
2024-08-08T19:15:39.418266linnet.elirion.net drupal[12833]: https://uuha.org|1723158939|user|109.120.179.126|https://uuha.org/store/?q=user||0||Login attempt failed for uuha.
2024-08-08T19:15:39.912628linnet.elirion.net drupal[13580]: https://uuha.org|1723158939|user|109.120.179.126|https://uuha.org/store/?q=user||0||Login attempt failed for admin.
Brute-Force
TPI-Abuse
2024-08-08 22:55:10
(1 month ago)
(mod_security) mod_security (id:234930) triggered by 109.120.179.126 (kwzln1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 18:55:05.971351 2024] [security2:error] [pid 11170:tid 11170] [client 109.120.179.126:55484] [client 109.120.179.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6787"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.bickleton.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.bickleton.org"] [uri "/driving-directions/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZrVMyUTQpdB3WaX-MNQmggAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
VHosting
2024-08-08 21:51:22
(1 month ago)
Attempt from 109.120.179.126, reason: FailedCaptchaVerify
DDoS Attack
Bad Web Bot
hermawan
2024-08-08 20:04:57
(1 month ago)
[Fri Aug 09 02:53:23.936536 2024] [authz_core:error] [pid 862006:tid 134779183826496] [client 109.120.179.126:49102] AH01630: client denied by server configuration: /var/www/administrator/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[862060] [KRwhYemCiBI] [ZrUiMxCHxT5E10oRY-fG2QAAAMw] keep_alive=[0] [2024-08-09 02:53:23.936540] [R:ZrUiMxCHxT5E10oRY-fG2QAAAMw] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8' Accept-Encoding:'gzip, deflate Accept-Language:'en-US,en;q=0.5 Upgrade-Insecure-Requests:'1
Hacking
Web App Attack
cmbplf
2024-08-08 20:01:49
(1 month ago)
6.883 POST requests in 1 hour (2w2d15h)
Brute-Force
Bad Web Bot
stinpriza
2024-08-08 19:52:26
(1 month ago)
Drupal Authentication failure
Brute-Force
Web App Attack
syokadmin
2024-08-08 19:47:59
(1 month ago)
(mod_security) mod_security (id:77140834) triggered by 109.120.179.126 (FR/France/kwzln1.aeza.network): 1 in the last 3600 secs
Brute-Force
Anonymous
2024-08-08 19:47:58
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TheMadBeaker
2024-08-08 19:47:50
(1 month ago)
Fail2Ban Ban Triggered
HTTP SQL Injection Attempt
Hacking
SQL Injection