Anonymous
2025-01-15 10:40:06
(2 days ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2025-01-13 18:41:55
(3 days ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
hermawan
2025-01-08 12:52:18
(1 week ago)
[Wed Jan 08 16:12:43.503236 2025] [security2:error] [pid 42372:tid 140582828033728] [client 111.225.149.148:32722] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "image/heif" at REQUEST_HEADERS:Accept. [file "/etc/modsecurity/coreruleset-4.10.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "73"] [id "441001"] [msg " bot downloader image HEIF Format Only Safari support "] [data "Matched Data: image/heif found within REQUEST_HEADERS:Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/heif,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 request_line = GET /index.php/analisis-bulanan/179-analisis-distribusi-hujan/analisis-distribusi-sifat-hujan/analisis-distribusi-sifat-hujan-malang-bulanan/analisis-distribusi-sifat-hujan-malang-bulanan-tahun-2012/428-analisis-distribusi-curah-hujan-malang-bulan-juli-tahun-2012 HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-malang.info"] [uri "/index.php/analisis-bulanan/179-an
Hacking
Web App Attack
hermawan
2025-01-05 10:30:39
(1 week ago)
[Sun Jan 05 07:04:06.505779 2025] [security2:error] [pid 84127:tid 140360523445952] [client 111.225.149.148:49682] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "image/heif" at REQUEST_HEADERS:Accept. [file "/etc/modsecurity/coreruleset-4.10.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "73"] [id "441001"] [msg " bot downloader image HEIF Format Only Safari support "] [data "Matched Data: image/heif found within REQUEST_HEADERS:Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/heif,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 request_line = GET /index.php/publik/kegiatan/2466-infografis-kegiatan-kamis-8-juni-2023-kunjungan-mahasiswa-universitas-islam-malang HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/publik/kegiatan/2466-infografis-kegiatan-kamis-8-juni-2023-kunjungan-mahasiswa-universitas-islam-malang"] [unique_id "Z3nMdkSLT09J-j0KfUp3agAB8TM"] [staklim-jatim.
Hacking
Web App Attack
hermawan
2025-01-02 18:09:10
(2 weeks ago)
[Thu Jan 02 23:49:52.341691 2025] [security2:error] [pid 9974:tid 130444234282688] [client 111.225.149.148:28060] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "image/heif" at REQUEST_HEADERS:Accept. [file "/etc/modsecurity/coreruleset-4.9.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "73"] [id "441001"] [msg " bot downloader image HEIF Format Only Safari support "] [data "Matched Data: image/heif found within REQUEST_HEADERS:Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/heif,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 request_line = GET /index.php/prakiraan-bulanan/561-prakiraan-curah-hujan-bulanan/prakiraan-curah-hujan-bulanan-di-propinsi-jawa-timur/prakiraan-curah-hujan-bulanan-di-propinsi-jawa-timur-tahun-2017/555555562-prakiraan-curah-hujan-bulan-juni-tahun-2017-di-propinsi-jawa-timur-update-dari-analisis-bul..."] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/prak
Hacking
Web App Attack
Anonymous
2025-01-02 04:29:27
(2 weeks ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Steve
2024-12-30 01:33:42
(2 weeks ago)
Excessive crawling - not obeying robots.txt
Bad Web Bot
hermawan
2024-12-25 14:48:13
(3 weeks ago)
[Mon Dec 23 14:59:15.960070 2024] [security2:error] [pid 769702:tid 124916644837056] [client 111.225.149.148:22260] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "image/heif" at REQUEST_HEADERS:Accept. [file "/etc/modsecurity/coreruleset-4.9.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "70"] [id "441001"] [msg " bot downloader image HEIF Format Only Safari support "] [data "Matched Data: image/heif found within REQUEST_HEADERS:Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/heif,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 request_line = GET /index.php/profil/meteorologi/list-all-categories/4016-klimatologi/analisis-klimatologi/monitoring-dan-prakiraan-curah-hujan-dasarian-di-provinsi-jawa-timur/monitoring-dan-prakiraan-curah-hujan-dasarian-di-provinsi-jawa-timur-tahun-2020/555558231-monitoring-dan-prakiraan-curah-huj..."] [severity "NOTICE"] [hostname "staklim-malang.info"] [uri "/index.php/profil/
Hacking
Web App Attack
Anonymous
2024-12-21 17:31:07
(3 weeks ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-12-21 14:54:44
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 111.225.149.148 (bytespider-111-225-149-148.crawl.bytedance.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 21 09:54:39.382240 2024] [security2:error] [pid 29064:tid 29064] [client 111.225.149.148:40112] [client 111.225.149.148] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.player-care.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.player-care.com"] [uri "/cb/sofi-cds/thumbs.db"] [unique_id "Z2bWr32RE09oyLwclMUeJgAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
Steve
2024-12-17 03:41:59
(1 month ago)
Excessive crawling - not obeying robots.txt
Bad Web Bot
Anonymous
2024-12-12 11:13:54
(1 month ago)
Excessive crawling/scraping
Hacking
Brute-Force
Anonymous
2024-12-11 07:53:53
(1 month ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-12-10 06:27:33
(1 month ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
MAGIC
2024-12-09 15:01:07
(1 month ago)
VM5 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot