OiledAmoeba
2024-08-16 13:56:59
(3 weeks ago)
109.237.99.29 - - [16/Aug/2024:15:56:55 +0200] "www.ruhnke.cloud" "POST //xmlrpc.php HTTP/1.1" 200 258 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "-" 0.656 "-"
109.237.99.29 - - [16/Aug/2024:15:56:56 +0200] "www.ruhnke.cloud" "POST //xmlrpc.php HTTP/1.1" 200 256 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "-" 0.569 "-"
109.237.99.29 - - [16/Aug/2024:15:56:57 +0200] "www.ruhnke.cloud" "POST //xmlrpc.php HTTP/1.1" 200 291 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "-" 0.579 "-"
109.237.99.29 - - [16/Aug/2024:15:56:57 +0200] "www.ruhnke.cloud" "POST //xmlrpc.php HTTP/1.1" 403 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "-" 0.503 "-"
109.237.99.29 - - [16/Aug/2024:15:56:58 +0200] "www.ruhnke
Brute-Force
el-brujo
2024-08-16 10:05:20
(3 weeks ago)
16/Aug/2024:12:05:20.380077 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 109.237.99.29] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "178"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "812"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "elhacker.info"] [uri "/Cursos/node/1"] [unique_id "Zr8kYPhq9tGEk-exJhjCHAABNQc"]
Hacking
Web App Attack
el-brujo
2024-08-16 07:55:26
(3 weeks ago)
16/Aug/2024:09:55:25.721800 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 109.237.99.29] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "178"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "812"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "elhacker.info"] [uri "/Cursos/node/1"] [unique_id "Zr8F7YJxM6MonX9fy0pLhwAALCY"]
Hacking
Web App Attack
el-brujo
2024-08-16 06:52:32
(3 weeks ago)
16/Aug/2024:08:52:32.096523 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 109.237.99.29] ModSecurity: Warning. Matched phrase ".htaccess" at ARGS:name[#markup]. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htaccess found within ARGS:name[#markup]: echo 77u/r0lgodlhowo8p3boccakzxjyb3jfcmvwb3j0aw5nkevfquxmif4grv9ot1rjq0upowply2hvicc8c2nyaxb0pgpkb2n1bwvudc50axrszsa9igf0b2ioilywrkdjrupavuvgvfv5qlzvrxhquvvsrlvnpt0iktskd2luzg93lmfkzev2zw50tglzdgvuzxioikrptunvbnrlbnrmb2fkzwqilgz1bmn0aw9ukcl7bgv0igu9zg9jdw1lbnquy3jlyxrlrwxlbwvudcgizm9ybsipo2uubwv0ag9kpsjwb3n0iixllmvuy3r5cgu9im11bhrpcgfydc9mb3jtlwrhdgeio2xldcb0pwrvy3vtzw50lmnyzwf0zuvszw1lbnqoimluchv0iik7dc50exblpsjmawxliix0lm5hbwu9imzpbguilhqucmvxdwl..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "p
Hacking
Web App Attack
backslash
2024-08-16 06:44:36
(3 weeks ago)
Attacker tried to upload "evil.php, configuration.php, udd.php" script. After failing attempts, he tried to disguise the malicious files as images. In the end he searched for "Ajax upload" and "OpenFlashChart" plugins.
Exploited Host
el-brujo
2024-08-16 05:12:02
(3 weeks ago)
16/Aug/2024:07:12:01.739618 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 109.237.99.29] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "178"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "812"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "elhacker.info"] [uri "/Cursos/node/1"] [unique_id "Zr7foern70LYjARm7lFFxwAA_Qk"]
Hacking
Web App Attack
stinpriza
2024-08-16 04:14:34
(3 weeks ago)
Drupal Authentication failure
Brute-Force
Web App Attack
el-brujo
2024-08-16 01:45:17
(3 weeks ago)
16/Aug/2024:03:45:16.814107 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 109.237.99.29] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "178"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "812"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "elhacker.info"] [uri "/Cursos/node/1"] [unique_id "Zr6vLCX4HEaQgA7WcVXxhAAAbh8"]
Hacking
Web App Attack
TPI-Abuse
2024-08-16 00:47:54
(3 weeks ago)
(mod_security) mod_security (id:234930) triggered by 109.237.99.29 (absurd-sky_n1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 20:47:50.874025 2024] [security2:error] [pid 18944:tid 18944] [client 109.237.99.29:37842] [client 109.237.99.29] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.ncrcs.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.ncrcs.org"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "Zr6htnXWClgzXRBZojMwCQAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
el-brujo
2024-08-15 23:43:38
(3 weeks ago)
16/Aug/2024:01:43:38.107139 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 109.237.99.29] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "178"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "812"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "elhacker.info"] [uri "/Cursos/node/1"] [unique_id "Zr6SqiX4HEaQgA7WcVViJAAAeiI"]
Hacking
Web App Attack
TPI-Abuse
2024-08-15 21:46:55
(3 weeks ago)
(mod_security) mod_security (id:234930) triggered by 109.237.99.29 (absurd-sky_n1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 17:46:49.508191 2024] [security2:error] [pid 7622:tid 7622] [client 109.237.99.29:50810] [client 109.237.99.29] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.newdirectionsinmusic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.newdirectionsinmusic.com"] [uri "/3455-2/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "Zr53SaEJI5O-GAsutbfN3gAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
Rizzy
2024-08-15 21:08:46
(3 weeks ago)
Multiple WAF Violations
Brute-Force
Web App Attack
el-brujo
2024-08-15 20:13:33
(3 weeks ago)
15/Aug/2024:22:13:32.884772 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 109.237.99.29] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "178"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "812"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "elhacker.info"] [uri "/Cursos/node/1"] [unique_id "Zr5hbJoxMno5iz9S7w5ysQABnjQ"]
Hacking
Web App Attack
MortimerCat
2024-08-15 19:22:45
(3 weeks ago)
Unauthorised use of XMLRPC
Web App Attack
TPI-Abuse
2024-08-15 19:22:33
(3 weeks ago)
(mod_security) mod_security (id:240000) triggered by 109.237.99.29 (absurd-sky_n1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 15:22:28.966645 2024] [security2:error] [pid 25292:tid 25292] [client 109.237.99.29:44328] [client 109.237.99.29] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.justfusion.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.justfusion.com"] [uri "/images/stories/up.php"] [unique_id "Zr5VdEQZ5rBQdrPSE5hkNQAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack