Reporter: Emil Petrakov
Comment:
2024-10-13T02:13:19.370350+03:00 srv44 fail2ban[1216]: [wordpress-hard] Ban 209.38.16.249
...
Categories: Brute-Force

Reporter: TPI-Abuse
Comment:
(mod_security) mod_security (id:225170) triggered by 209.38.16.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 12 18:30:17.976365 2024] [security2:error] [pid 10624:tid 10624] [client 209.38.16.249:59523] [client 209.38.16.249] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||gegkal.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gegkal.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zwr4eVZYoK_7x39RcZVHLgAAABU"]
Categories: Brute-Force, Bad Web Bot, Web App Attack

Reporter: Block Rockin' Beats
Comment:
Attempted Wordpress exploit
Categories: Hacking, Web App Attack

Reporter: Anonymous
Comment:
apache-wordpress-login
Categories: Brute-Force, Web App Attack

Reporter: TPI-Abuse
Comment:
(mod_security) mod_security (id:225170) triggered by 209.38.16.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 12 18:08:43.320912 2024] [security2:error] [pid 3960:tid 3960] [client 209.38.16.249:59668] [client 209.38.16.249] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||rcto.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rcto.us"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZwrzaxlYkWKu7_Xep-3S1gAAAAo"]
Categories: Brute-Force, Bad Web Bot, Web App Attack

Reporter: weblite
Comment:
WP_AUTHOR_SCANNING WP_XMLRPC_ABUSE
Categories: Brute-Force, Web App Attack

Reporter: ardexter
Comment:
Wordpress attack and DDOS
Categories: DDoS Attack, Web App Attack

Reporter: TPI-Abuse
Comment:
(mod_security) mod_security (id:225170) triggered by 209.38.16.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 12 13:47:04.603237 2024] [security2:error] [pid 13231:tid 13231] [client 209.38.16.249:54295] [client 209.38.16.249] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.lgbtqhistoryinaustin.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.lgbtqhistoryinaustin.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zwq2GG6WVLJEkYM-11mkiAAAAAY"]
Categories: Brute-Force, Bad Web Bot, Web App Attack

Reporter: Anonymous
Comment:
[redacted] 209.38.16.249 - - [12/Oct/2024:19:33:55 +0200] "POST //xmlrpc.php HTTP/1.1" 200 404 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[redacted] 209.38.16.249 - - [12/Oct/2024:19:33:56 +0200] "POST //xmlrpc.php HTTP/1.1" 200 404 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[redacted] 209.38.16.249 - - [12/Oct/2024:19:33:58 +0200] "POST //xmlrpc.php HTTP/1.1" 200 404 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[redacted] 209.38.16.249 - - [12/Oct/2024:19:33:59 +0200] "POST //xmlrpc.php HTTP/1.1" 200 404 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[redacted] 209.38.16.249 - - [12/Oct/2024:19:34:00 +0200] "POST //xmlrpc.php HTTP/1.1" 200 404 "-"
...
Categories: Web App Attack

Reporter: mnsf
Comment:
Xmlrpc Caught (6)
Categories: Brute-Force, Web App Attack

Reporter: Anonymous
Comment:
Ports: *; Direction: 0; Trigger: CT_LIMIT
Categories: Brute-Force, SSH

Reporter: zynex
Comment:
URL Probing: /2019/wp-includes/wlwmanifest.xml
Categories: Web App Attack

Reporter: TPI-Abuse
Comment:
(mod_security) mod_security (id:225170) triggered by 209.38.16.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 12 08:54:31.287751 2024] [security2:error] [pid 25259:tid 25259] [client 209.38.16.249:58119] [client 209.38.16.249] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ecushopper.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ecushopper.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zwpxh2tVL8ys_w5VqYL4XwAAAAQ"]
Categories: Brute-Force, Bad Web Bot, Web App Attack

Reporter: cmbplf
Comment:
1.911 requests to */xmlrpc.php
329 requests to */wp-includes/wlwmanifest.xml
Categories: Brute-Force, Bad Web Bot

Reporter: Anonymous
Comment:
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Categories: Brute-Force, SSH