RoboSOC
2024-08-08 03:28:43
(1 month ago)
Joomla Remote Code Execution Vulnerability, PTR: debonair-design_n3.aeza.network.
Hacking
TPI-Abuse
2024-08-08 03:27:46
(1 month ago)
(mod_security) mod_security (id:240000) triggered by 185.106.93.69 (debonair-design_n3.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 07 23:27:42.865877 2024] [security2:error] [pid 16813:tid 16832] [client 185.106.93.69:35614] [client 185.106.93.69] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||ecothermtech.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "ecothermtech.com"] [uri "/home/images/stories/evil.php"] [unique_id "ZrQ7LkSWAAUGlIKz3agwWwAAAMw"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-08 02:32:27
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 185.106.93.69 (debonair-design_n3.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 07 22:32:23.365487 2024] [security2:error] [pid 1000056:tid 1000056] [client 185.106.93.69:55592] [client 185.106.93.69] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.letmespeakpodcast.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.letmespeakpodcast.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZrQuN7xoVLR6B4YWqz_UnwAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
rsiddall
2024-08-08 02:20:14
(1 month ago)
2024-08-07T22:20:10.071738linnet.elirion.net drupal[17810]: https://huumanists.org|1723083610|user|185.106.93.69|https://huumanists.org/?q=user||0||Login attempt failed for huumanists.
2024-08-07T22:20:11.056707linnet.elirion.net drupal[18755]: https://huumanists.org|1723083611|user|185.106.93.69|https://huumanists.org/?q=user||0||Login attempt failed for admin.
2024-08-07T22:20:12.143357linnet.elirion.net drupal[17810]: https://huumanists.org|1723083612|user|185.106.93.69|https://huumanists.org/?q=user||0||Login attempt failed for administrator.
2024-08-07T22:20:13.308647linnet.elirion.net drupal[22498]: https://huumanists.org|1723083613|user|185.106.93.69|https://huumanists.org/?q=user||0||Login attempt failed for huumanists.
2024-08-07T22:20:14.186364linnet.elirion.net drupal[17810]: https://huumanists.org|1723083614|user|185.106.93.69|https://huumanists.org/?q=user||0||Login attempt failed for admin.
Brute-Force
TPI-Abuse
2024-08-08 02:12:53
(1 month ago)
(mod_security) mod_security (id:234930) triggered by 185.106.93.69 (debonair-design_n3.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 07 22:12:44.951956 2024] [security2:error] [pid 25720:tid 25720] [client 185.106.93.69:50784] [client 185.106.93.69] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.limestoneroof.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.limestoneroof.com"] [uri "/2013/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZrQpnA6hB3f8Stkr7G_qaAAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-08 00:45:49
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_MODSEC
Brute-Force
SSH
Anonymous
2024-08-08 00:04:10
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
cmbplf
2024-08-07 23:01:23
(1 month ago)
6.270 POST requests in 1 hour (2w4d2h)
Brute-Force
Bad Web Bot
Rizzy
2024-08-07 22:44:40
(1 month ago)
Multiple WAF Violations
Brute-Force
Web App Attack
hermawan
2024-08-07 22:35:13
(1 month ago)
[Thu Aug 08 05:32:07.059885 2024] [authz_core:error] [pid 199292:tid 134783065654848] [client 185.106.93.69:51076] AH01630: client denied by server configuration: /var/www/administrator/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[199361] [Uzjieocs4hw] [ZrP157anYASSV7ZvHFOP3QAAAFs] keep_alive=[0] [2024-08-08 05:32:07.059888] [R:ZrP157anYASSV7ZvHFOP3QAAAFs] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8' Accept-Encoding:'gzip, deflate Accept-Language:'en-US,en;q=0.5 Upgrade-Insecure-Requests:'1
Hacking
Web App Attack
stinpriza
2024-08-07 22:30:36
(1 month ago)
Drupal Authentication failure
Brute-Force
Web App Attack
syokadmin
2024-08-07 22:30:13
(1 month ago)
(mod_security) mod_security (id:77142252) triggered by 185.106.93.69 (TR/Turkey/debonair-design_n3.aeza.network): 1 in the last 3600 secs
Brute-Force
4server
2024-08-07 22:29:24
(1 month ago)
[ThuAug0800:29:16.1499152024][security2:error][pid2945176:tid2945233][client185.106.93.69:0][client185.106.93.69]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"wp-content/uploads/.\*\\\\\\\\.ph\(\?:p\|tml\|t\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/99_asl_jitp.conf\"][line\"5056\"][id\"382238\"][rev\"2\"][msg\"Atomicorp.comWAFRules-VirtualJustInTimePatch:PHPfileexecutioninuploadsdirectorydenied\"][data\"wp-content/uploads/mfw-activity-logger/csv-uploads/evil.php\"][severity\"CRITICAL\"][hostname\"giftech.ch\"][uri\"/wp-content/uploads/mfw-activity-logger/csv-uploads/evil.php\"][unique_id\"ZrP1PNjvhT7y2cLd9-eGHAAAAIE\"][ThuAug0800:29:16.5411312024][security2:error][pid2945176:tid2945233][client185.106.93.69:0][client185.106.93.69]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"connector\\\\\\\\.minimal\\\\\\\\.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_rules/99_asl_jitp.conf\"][line\"306\"][id\"393781\"][rev\"1\"][msg\"Atomicorp.comWAFRules-VirtualJustInT
Port Scan
Brute-Force
Web App Attack