Steve
|
|
Attempts against non-existent wordpress site
|
Brute-Force
Web App Attack
|
|
Sklurk
|
|
Web App Attack
|
Web App Attack
|
|
Anonymous
|
|
Malicious activity detected
|
Hacking
Web App Attack
|
|
MAGIC
|
|
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
|
DDoS Attack
Bad Web Bot
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 210.5.87.114 (210.5.87.114.pldt.net): 1 in the ... show more(mod_security) mod_security (id:225170) triggered by 210.5.87.114 (210.5.87.114.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 22 03:32:05.561554 2024] [security2:error] [pid 1323:tid 1350] [client 210.5.87.114:14520] [client 210.5.87.114] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.guitarprimer.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.guitarprimer.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Z2fOhfdl2dDPqm2E3nZA2wAAAFg"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 210.5.87.114 (210.5.87.114.pldt.net): 1 in the ... show more(mod_security) mod_security (id:225170) triggered by 210.5.87.114 (210.5.87.114.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 06 21:27:16.827420 2024] [security2:error] [pid 28501:tid 28565] [client 210.5.87.114:23437] [client 210.5.87.114] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.busybeerestaurant.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.busybeerestaurant.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Z1OyhO1xIbetDX0_dcYFHgAAAQs"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
MAGIC
|
|
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
|
DDoS Attack
Bad Web Bot
|
|
el-brujo
|
|
Cloudflare WAF: Request Path: /xmlrpc.php Request Query: Host: parrot.elhacker.net userAgent: Mozil ... show moreCloudflare WAF: Request Path: /xmlrpc.php Request Query: Host: parrot.elhacker.net userAgent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Action: managed_challenge Source: firewallManaged ASN Description: IPG-AS-AP Philippine Long Distance Telephone Company Country: PH Method: GET Timestamp: 2024-12-02T08:22:28Z ruleId: 5de7edfa648c4d6891dc3e7f84534ffa. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less
|
Hacking
SQL Injection
Web App Attack
|
|
Anonymous
|
|
Fail2Ban - Nginx Bot Probes
|
Web App Attack
|
|
JimArchon72
|
|
2024/11/23 16:23:11 "GET /wp-login.php HTTP/1.1"
|
Web App Attack
|
|
Tripwire
|
|
Wordpress login scanning
|
Brute-Force
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 210.5.87.114 (210.5.87.114.pldt.net): 1 in the ... show more(mod_security) mod_security (id:225170) triggered by 210.5.87.114 (210.5.87.114.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 22 00:58:45.842550 2024] [security2:error] [pid 9793:tid 9793] [client 210.5.87.114:16785] [client 210.5.87.114] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||stonehillpolicies.myomni.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "stonehillpolicies.myomni.us"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Z0AdlazdVaTfcqWIKWD71wAAAAM"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 210.5.87.114 (210.5.87.114.pldt.net): 1 in the ... show more(mod_security) mod_security (id:225170) triggered by 210.5.87.114 (210.5.87.114.pldt.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 21 11:12:07.071623 2024] [security2:error] [pid 12303:tid 12303] [client 210.5.87.114:13667] [client 210.5.87.114] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.newdirectionsinmusic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.newdirectionsinmusic.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Zz9b1-ehdy-n6vaeXtQDRwAAAAM"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Malicious activity detected
|
Hacking
Web App Attack
|
|
MAGIC
|
|
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
|
DDoS Attack
Bad Web Bot
|
|