TPI-Abuse
2024-10-17 17:07:28
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2001:67c:2070:c928::1 (web820.default-host.net) ... show more (mod_security) mod_security (id:225170) triggered by 2001:67c:2070:c928::1 (web820.default-host.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 17 13:07:22.602482 2024] [security2:error] [pid 27237:tid 27324] [client 2001:67c:2070:c928::1:36830] [client 2001:67c:2070:c928::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.jpdesign.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.jpdesign.us"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZxFESi14Dl3tX5g8_VRlLwAAANc"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-17 16:23:29
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2001:67c:2070:c928::1 (web820.default-host.net) ... show more (mod_security) mod_security (id:225170) triggered by 2001:67c:2070:c928::1 (web820.default-host.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 17 12:23:24.588094 2024] [security2:error] [pid 9090:tid 9090] [client 2001:67c:2070:c928::1:34808] [client 2001:67c:2070:c928::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.rimaine.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.rimaine.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZxE5_BVRHxoE9nMohJPqqAAAAAY"], referer: http://mail.rimaine.org///wp-json/wp/v2/users/ show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-17 15:13:31
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2001:67c:2070:c928::1 (web820.default-host.net) ... show more (mod_security) mod_security (id:225170) triggered by 2001:67c:2070:c928::1 (web820.default-host.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 17 11:13:24.644377 2024] [security2:error] [pid 19456:tid 19471] [client 2001:67c:2070:c928::1:18066] [client 2001:67c:2070:c928::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.leadingedgesupply.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.leadingedgesupply.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZxEplGhOfwH3W0YbdZJ_kQAAAI0"] show less
Brute-Force
Bad Web Bot
Web App Attack
LRob.fr
2024-10-17 10:30:59
(1 month ago)
WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail
Brute-Force
Web App Attack
TPI-Abuse
2024-10-16 15:29:20
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2001:67c:2070:c928::1 (web820.default-host.net) ... show more (mod_security) mod_security (id:225170) triggered by 2001:67c:2070:c928::1 (web820.default-host.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 16 11:29:14.925623 2024] [security2:error] [pid 8626:tid 8626] [client 2001:67c:2070:c928::1:59434] [client 2001:67c:2070:c928::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||michaelthompson.biz|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "michaelthompson.biz"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zw_bytVcseQBC5eu_sX9UgAAAA8"] show less
Brute-Force
Bad Web Bot
Web App Attack
LRob.fr
2024-10-16 10:01:53
(1 month ago)
WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail
Brute-Force
Web App Attack
Max la Menace
2024-10-16 05:27:40
(1 month ago)
Wordpress attack (F)
Blog Spam
Web App Attack
TPI-Abuse
2024-10-15 14:39:34
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2001:67c:2070:c928::1 (web820.default-host.net) ... show more (mod_security) mod_security (id:225170) triggered by 2001:67c:2070:c928::1 (web820.default-host.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 10:39:29.672384 2024] [security2:error] [pid 10571:tid 10571] [client 2001:67c:2070:c928::1:63564] [client 2001:67c:2070:c928::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ev-motion.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ev-motion.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zw5-oelxdx1OC3_WV9caAQAAAAQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-15 13:45:45
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2001:67c:2070:c928::1 (web820.default-host.net) ... show more (mod_security) mod_security (id:225170) triggered by 2001:67c:2070:c928::1 (web820.default-host.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 09:45:41.794872 2024] [security2:error] [pid 14773:tid 14773] [client 2001:67c:2070:c928::1:50196] [client 2001:67c:2070:c928::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||targethk.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "targethk.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zw5yBWKkufyQJ8A6ZLpGKAAAABY"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-13 16:24:41
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2001:67c:2070:c928::1 (web820.default-host.net) ... show more (mod_security) mod_security (id:225170) triggered by 2001:67c:2070:c928::1 (web820.default-host.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 13 12:24:37.028160 2024] [security2:error] [pid 13516:tid 13516] [client 2001:67c:2070:c928::1:14502] [client 2001:67c:2070:c928::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||bikinitweets.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bikinitweets.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zwv0RWf7MJnVH1p72UDCUQAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-10-12 17:49:17
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Axel
2024-10-12 06:53:08
(1 month ago)
Attempted access to sensitive WordPress file: xmlrpc.php.
Brute-Force
Web App Attack
SSH
archiv-pm
2024-10-11 17:13:05
(1 month ago)
Wordpress login attempts
Brute-Force
TPI-Abuse
2024-10-11 16:48:17
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2001:67c:2070:c928::1 (web820.default-host.net) ... show more (mod_security) mod_security (id:225170) triggered by 2001:67c:2070:c928::1 (web820.default-host.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 11 12:48:09.628576 2024] [security2:error] [pid 27303:tid 27314] [client 2001:67c:2070:c928::1:53404] [client 2001:67c:2070:c928::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||sallykimmel.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "sallykimmel.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZwlWySGrfUWGzYrnmVetxQAAAEY"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-11 16:30:10
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2001:67c:2070:c928::1 (web820.default-host.net) ... show more (mod_security) mod_security (id:225170) triggered by 2001:67c:2070:c928::1 (web820.default-host.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 11 12:30:02.268190 2024] [security2:error] [pid 21956:tid 21956] [client 2001:67c:2070:c928::1:61320] [client 2001:67c:2070:c928::1] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||baselineledsolutions.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "baselineledsolutions.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZwlSitJNnrnMTweI_Br8YwAAABE"] show less
Brute-Force
Bad Web Bot
Web App Attack