๐ฉ๐ช
LRob
2025-02-28 12:00:15
(1 year ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-02-18 14:41:12
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 2407:1c00:6101:fc30:: (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:225170) triggered by 2407:1c00:6101:fc30:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 18 09:41:08.297397 2025] [security2:error] [pid 21874:tid 21874] [client 2407:1c00:6101:fc30:::50094] [client 2407:1c00:6101:fc30::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.nancymahrer.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.nancymahrer.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z7ScBDB8LVeV-SW6adeyjgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-02-10 20:55:27
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 2407:1c00:6101:fc30:: (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:225170) triggered by 2407:1c00:6101:fc30:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 10 15:55:23.002069 2025] [security2:error] [pid 2401:tid 2401] [client 2407:1c00:6101:fc30:::60396] [client 2407:1c00:6101:fc30::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.arellasoc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.arellasoc.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z6pnuuO9Dhbn6Zd58LvVmQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-02-09 06:33:06
(1 year ago)
Failed Wordpress Logins
Web App Attack
๐ฉ๐ช
Hazzard
2025-02-02 00:10:30
(1 year ago)
(wordpress) Failed wordpress login from 2407:1c00:6101:fc30:: (SG/Singapore/-/Singapore/-/[redacted] ...
show more
(wordpress) Failed wordpress login from 2407:1c00:6101:fc30:: (SG/Singapore/-/Singapore/-/[redacted])
show less
Brute-Force
๐ฉ๐ช
ghostwarriors
2025-02-01 14:20:07
(1 year ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ksol-hostmaster
2025-02-01 14:07:19
(1 year ago)
2025/02/01 15:07:18 [error] 50857#119489: *633376 access forbidden by rule, client: 2407:1c00:6101:f ...
show more
2025/02/01 15:07:18 [error] 50857#119489: *633376 access forbidden by rule, client: 2407:1c00:6101:fc30::, server: revolutionbim.com, request: "POST /xmlrpc.php HTTP/1.1", host: "revolutionbim.com"
...
show less
Web Spam
๐บ๐ธ
TPI-Abuse
2025-01-31 18:20:57
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 2407:1c00:6101:fc30:: (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:225170) triggered by 2407:1c00:6101:fc30:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 31 13:20:48.674172 2025] [security2:error] [pid 642038:tid 642038] [client 2407:1c00:6101:fc30:::39284] [client 2407:1c00:6101:fc30::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.constructiondomex.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.constructiondomex.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z50UgG0z9qL-gIe9vLZj8gAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ghostwarriors
2025-01-29 22:50:04
(1 year ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ksol-hostmaster
2025-01-29 22:30:24
(1 year ago)
2025/01/29 23:30:23 [error] 30424#540087: *2617106 access forbidden by rule, client: 2407:1c00:6101: ...
show more
2025/01/29 23:30:23 [error] 30424#540087: *2617106 access forbidden by rule, client: 2407:1c00:6101:fc30::, server: revolutionbim.com, request: "POST /xmlrpc.php HTTP/1.1", host: "revolutionbim.com"
...
show less
Web Spam
๐ฉ๐ช
Hazzard
2025-01-25 15:13:00
(1 year ago)
(wordpress) Failed wordpress login from 2407:1c00:6101:fc30:: (SG/Singapore/-/Singapore/-/[redacted] ...
show more
(wordpress) Failed wordpress login from 2407:1c00:6101:fc30:: (SG/Singapore/-/Singapore/-/[redacted])
show less
Brute-Force
๐ฉ๐ช
Ba-Yu
2025-01-25 10:45:31
(1 year ago)
WP-xmlrpc exploit
Web Spam
Blog Spam
Hacking
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-01-16 17:18:42
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 2407:1c00:6101:fc30:: (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:225170) triggered by 2407:1c00:6101:fc30:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 16 12:18:37.902265 2025] [security2:error] [pid 14037:tid 14037] [client 2407:1c00:6101:fc30:::52016] [client 2407:1c00:6101:fc30::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.ruthbalser.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.ruthbalser.org"] [uri "/wp-json/wp/v2/users"] [unique_id "Z4k_bcvPxzK0lTXc-wicBgAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
MAGIC
2025-01-15 11:04:24
(1 year ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2025-01-09 19:13:34
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 2407:1c00:6101:fc30:: (Unknown): 1 in the last ...
show more
(mod_security) mod_security (id:225170) triggered by 2407:1c00:6101:fc30:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 09 14:13:31.274002 2025] [security2:error] [pid 3977206:tid 3977206] [client 2407:1c00:6101:fc30:::44884] [client 2407:1c00:6101:fc30::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||davidquiroa.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "davidquiroa.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z4Af26mgkQRfso8XDnlP6QAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack