hermawan
|
|
[Sun Dec 01 01:22:47.271979 2024] [security2:error] [pid 346915:tid 136152409437888] [client 20.27.20.23:5248] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "zh-CN" at REQUEST_HEADERS:Accept-Language. [file "/etc/modsecurity/coreruleset-4.8.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "64"] [id "440001"] [msg "Seperti Ddos bahasa Rusia ada di ip vietnam 2.59.0.188 "] [data "Matched Data: zh-CN found within REQUEST_HEADERS:Accept-Language: en-US, en; q=0.9, zh-CN; q=0.8, zh; q=0.7 request_line = GET /index.php/profil/meteorologi/list-of-all-tags/struktur-organisasi HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/profil/meteorologi/list-of-all-tags/struktur-organisasi"] [unique_id "Z0tX91OsjTuofP7V7vhkDwAAApk"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[347082] [Cev9Zl0OaOY] [Z0tX91OsjTuofP7V7vhkDwAAApk] keep_alive=[0] [2024-12-01 01:22:47.271985] [R:Z0tX91OsjTuofP7V7vhkDwAAApk] UA:'Mozilla/5.0 (Windows N
|
Hacking
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 20.27.20.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 07:47:00.595464 2024] [security2:error] [pid 12624:tid 12624] [client 20.27.20.23:5248] [client 20.27.20.23] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.koswerks.net|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.koswerks.net"] [uri "/index.bak"] [unique_id "Z0sJRFWE_N5rd4dm9SD-NgAAAAQ"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
MAGIC
|
|
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
|
DDoS Attack
Bad Web Bot
|
|
Anonymous
|
|
Multiple unauthorized attempts to access non-existent path
|
Web App Attack
|
|
MAGIC
|
|
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
|
DDoS Attack
Bad Web Bot
|
|
findlab
|
|
Backdrop CMS module - malicious activity detected
|
Bad Web Bot
Web App Attack
|
|
MAGIC
|
|
VM5 Bad user agents ignoring web crawling rules. Draining bandwidth
|
DDoS Attack
Bad Web Bot
|
|
MAGIC
|
|
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
|
DDoS Attack
Bad Web Bot
|
|
octageeks.com
|
|
Wordpress malicious attack:[octa404]
|
Web App Attack
|
|
MAGIC
|
|
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
|
DDoS Attack
Bad Web Bot
|
|
MAGIC
|
|
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
|
DDoS Attack
Bad Web Bot
|
|
MAGIC
|
|
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
|
DDoS Attack
Bad Web Bot
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 20.27.20.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 08 11:59:45.844982 2024] [security2:error] [pid 2698:tid 2698] [client 20.27.20.23:5248] [client 20.27.20.23] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||med-engineering.com|F|2"] [data ".astelin.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "med-engineering.com"] [uri "/www.astelin.com"] [unique_id "ZwVW8ZjAmwCSj6kft58i-QAAAAs"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
polido
|
|
Unauthorized connection attempt to port 443 from 20.27.20.23
|
Port Scan
|
|
MAGIC
|
|
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
|
DDoS Attack
Bad Web Bot
|
|