Anonymous
2024-03-19 19:31:56
(9 months ago)
POST_FAIL on WP_XMLRPC, BF_DETECTED
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2024-03-19 18:28:49
(9 months ago)
(mod_security) mod_security (id:225170) triggered by 217.149.5.159 (srv05159.servatica.com): 1 in th ... show more (mod_security) mod_security (id:225170) triggered by 217.149.5.159 (srv05159.servatica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 19 14:28:41.905516 2024] [security2:error] [pid 4201] [client 217.149.5.159:55220] [client 217.149.5.159] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||dpcfab.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "dpcfab.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZfnZWWLQjL3blRBBhemS8QAAAAM"] show less
Brute-Force
Bad Web Bot
Web App Attack
wnbhosting.dk
2024-03-19 18:27:34
(9 months ago)
WP xmlrpc [2024-03-19T19:27:34+01:00]
Hacking
Web App Attack
Anonymous
2024-03-19 18:13:48
(9 months ago)
217.149.5.159 - - [19/Mar/2024:15:13:47 -0300] "GET /wp-login.php HTTP/1.1" 302 5 "http://automobili ... show more 217.149.5.159 - - [19/Mar/2024:15:13:47 -0300] "GET /wp-login.php HTTP/1.1" 302 5 "http://automobilistica.net/wp-login.php" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/95.0"
... show less
Web App Attack
mnsf
2024-03-19 18:08:28
(9 months ago)
Scanning/Probing (20)
Brute-Force
Web App Attack
TPI-Abuse
2024-03-19 18:04:31
(9 months ago)
(mod_security) mod_security (id:225170) triggered by 217.149.5.159 (srv05159.servatica.com): 1 in th ... show more (mod_security) mod_security (id:225170) triggered by 217.149.5.159 (srv05159.servatica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 19 14:04:27.899031 2024] [security2:error] [pid 12451] [client 217.149.5.159:52518] [client 217.149.5.159] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||neconebooks.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "neconebooks.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZfnTq-3ts4AdKsVbPjZmhAAAAAw"] show less
Brute-Force
Bad Web Bot
Web App Attack
10dencehispahard SL
2024-03-19 18:00:15
(9 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
Hirte
2024-03-19 17:59:25
(9 months ago)
ENG: Web Attack GET /wp-login.php
Web Spam
Hacking
Bad Web Bot
Web App Attack
TPI-Abuse
2024-03-19 17:23:08
(9 months ago)
(mod_security) mod_security (id:225170) triggered by 217.149.5.159 (srv05159.servatica.com): 1 in th ... show more (mod_security) mod_security (id:225170) triggered by 217.149.5.159 (srv05159.servatica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 19 13:23:01.848102 2024] [security2:error] [pid 23797] [client 217.149.5.159:51176] [client 217.149.5.159] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||swcbsa.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "swcbsa.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZfnJ9b3GVwo07NAR_W8rDQAAAAQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-03-19 17:18:27
(9 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-03-19 17:06:35
(9 months ago)
(mod_security) mod_security (id:225170) triggered by 217.149.5.159 (srv05159.servatica.com): 1 in th ... show more (mod_security) mod_security (id:225170) triggered by 217.149.5.159 (srv05159.servatica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 19 13:06:30.673233 2024] [security2:error] [pid 2262] [client 217.149.5.159:60184] [client 217.149.5.159] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||beercanisland.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "beercanisland.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZfnGFt7uNySHTB9O0ETMbAAAAAw"], referer: http://beercanisland.com///wp-json/wp/v2/users/ show less
Brute-Force
Bad Web Bot
Web App Attack