Jim Keir
|
|
2024-09-17 10:17:27 212.30.33.42 File scanning, blocking 212.30.33.42 for 5 minutes
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:212750) triggered by 212.30.33.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 16 07:33:29.053330 2024] [security2:error] [pid 16816:tid 16816] [client 212.30.33.42:45669] [client 212.30.33.42] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bon(?:abort|blur|change|click|dblclick|dragdrop|error|focus|keydown|keypress|keyup|load|mouse(?:down|move|out|over|up)|move|readystatechange|reset|resize|select|submit|unload)\\\\b[^a-zA-Z0-9_]{0,}?=" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212750"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected||old.renju.net|F|2"] [data "Matched Data: onerror= found within REQUEST_URI: /people/worldplayers.php?people_id=<img src='x' onerror='alert(\\x22xss\\x22)'/>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "old.renju.net"] [uri "/people/worldplayers.php"] [unique_id "ZugXientAozEVkpQ73hPCgAAABY"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
JJR
|
|
Automated report (2024-09-16T04:13:54-07:00). Nesting attack detected.
|
Open Proxy
Hacking
|
|
backslash
|
|
|
Bad Web Bot
|
|
soundboxxx.com
|
|
ping 212.30.33.42 -t -l 10000
|
DDoS Attack
FTP Brute-Force
Ping of Death
Open Proxy
Port Scan
Hacking
SQL Injection
Brute-Force
Web App Attack
SSH
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
TheMadBeaker
|
|
Fail2Ban Ban Triggered
HTTP Exploit Attempt
|
Brute-Force
Web App Attack
|
|
tecnicorioja
|
|
(Mod_security) [10/Sep/2024:15:38:03.992346
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 212.30.33.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 10 10:49:05.390115 2024] [security2:error] [pid 9887:tid 9887] [client 212.30.33.42:62699] [client 212.30.33.42] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.teguer.com"] [uri "/platform/.env"] [unique_id "ZuBcYdRKdQESpDC1QqWVFgAAAAs"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 212.30.33.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 10 10:22:44.894239 2024] [security2:error] [pid 4148:tid 4148] [client 212.30.33.42:2869] [client 212.30.33.42] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.stragar.com"] [uri "/platform/.env"] [unique_id "ZuBWNOpN3jkBeFVdHp-1VQAAABw"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 212.30.33.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 10 09:41:04.531133 2024] [security2:error] [pid 11685:tid 11685] [client 212.30.33.42:2837] [client 212.30.33.42] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "brelcafetal.turedinmobiliaria.com"] [uri "/platform/.env"] [unique_id "ZuBMcAEr0-QX3YBeamNSaAAAAAw"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Sklurk
|
|
Web App Attack
|
Web App Attack
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 212.30.33.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 03 16:08:27.108087 2024] [security2:error] [pid 13975:tid 14206] [client 212.30.33.42:21965] [client 212.30.33.42] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||blastfuturepress.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "blastfuturepress.com"] [uri "/backup/backup.sql"] [unique_id "Zq6OO96G85scciMpSgE1vQAAAEw"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|