COMAITE
|
|
Multiple web server 400 error codes from same source ip 120.89.41.98.
|
Web App Attack
|
|
conseilgouz
|
|
are-0 : Trying access unauthorized files=>/wp-admin/images/admin.php()
|
Hacking
|
|
Anonymous
|
|
CPOWCO WEBEXPLOIT 120.89.41.98 (98.41.89.120.ids.customers.static.eastern-tele.com)
|
Web App Attack
|
|
Anonymous
|
|
Fail2Ban - Nginx Bot Probes
|
Web App Attack
|
|
OuverneY
|
|
FW-PortScan: Traffic Blocked (Port=80 <- 64 attempts), (Port=443 <- 4 attempts), Total connections: 136, Total destination IPs: 1
|
Port Scan
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static.eastern-tele.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 07 21:57:48.468731 2024] [security2:error] [pid 22599:tid 22599] [client 120.89.41.98:62917] [client 120.89.41.98] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||verenacastle.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "verenacastle.com"] [uri "/images/stories/radio.php"] [unique_id "Zy1-LMImyfVBHbpp74Z41gAAAAQ"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
wordpress-trap
|
Web App Attack
|
|
rsa
|
|
GET /wp-includes/certificates/radio.php HTTP/1.1
|
Hacking
Brute-Force
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static.eastern-tele.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 07 10:18:53.990931 2024] [security2:error] [pid 24849:tid 24849] [client 120.89.41.98:54188] [client 120.89.41.98] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||heavenwny.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "heavenwny.com"] [uri "/images/stories/radio.php"] [unique_id "ZyzaXTMeokOKC-dC0wpitwAAAAQ"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static.eastern-tele.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 07 08:27:23.034327 2024] [security2:error] [pid 13991:tid 13991] [client 120.89.41.98:51751] [client 120.89.41.98] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||tanny.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "tanny.com"] [uri "/images/stories/radio.php"] [unique_id "ZyzAO9SKNBc-zcvzl2b3PAAAAAI"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Firewall has blocked 142 attacks over the last 10 minutes. Blocked for Known malicious User-Agents.
|
DDoS Attack
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static.eastern-tele.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 06 22:17:00.926726 2024] [security2:error] [pid 17062:tid 17062] [client 120.89.41.98:59600] [client 120.89.41.98] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||oceansgift.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "oceansgift.com"] [uri "/images/stories/radio.php"] [unique_id "ZywxLJhlFkYH6glqCXKrjgAAAAE"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
wordpress-trap
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static.eastern-tele.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 06 15:45:57.109385 2024] [security2:error] [pid 2014:tid 2014] [client 120.89.41.98:53421] [client 120.89.41.98] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||atomicmc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "atomicmc.com"] [uri "/images/stories/radio.php"] [unique_id "ZyvVhSI_nQNDwYn4bujHwQAAAAI"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static.eastern-tele.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 06 14:23:43.470122 2024] [security2:error] [pid 23024:tid 23024] [client 120.89.41.98:51712] [client 120.89.41.98] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||twilighthackers.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "twilighthackers.com"] [uri "/images/stories/radio.php"] [unique_id "ZyvCP61YLhdBg28I1bHW-gAAAAE"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|