ghostwarriors
2024-09-04 05:50:05
(4 days ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
ksol-hostmaster
2024-09-04 05:22:33
(4 days ago)
2024/09/04 07:22:32 [error] 88566#791129: *6153654 limiting requests, excess: 0.600 by zone "crawler ... show more 2024/09/04 07:22:32 [error] 88566#791129: *6153654 limiting requests, excess: 0.600 by zone "crawler", client: 2a03:2880:f806:19::, server: crxforum.ksol.io, request: "GET /showThread.php?topicId=565&commentUniqId=5192105d1e336&seed=666ace70d2efe HTTP/2.0", host: "crxforum.ksol.io"
... show less
Bad Web Bot
TPI-Abuse
2024-08-18 10:10:46
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:225170) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 18 06:10:40.000786 2024] [security2:error] [pid 29105:tid 29105] [client 2a03:2880:f806:19:::43294] [client 2a03:2880:f806:19::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.kathydumesnilart.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.kathydumesnilart.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZsHIn8oBMIccRvKi0rBk2AAAABQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-17 00:05:41
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:225170) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 20:05:35.938891 2024] [security2:error] [pid 1112:tid 1112] [client 2a03:2880:f806:19:::41706] [client 2a03:2880:f806:19::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.pleaseaddbacon.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.pleaseaddbacon.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Zr_pT-9_gTS5ICh1iOBf9AAAAAQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-16 01:04:03
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:225170) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 21:03:57.374641 2024] [security2:error] [pid 27738:tid 27738] [client 2a03:2880:f806:19:::37476] [client 2a03:2880:f806:19::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||lcoor.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "lcoor.org"] [uri "/wp-json/wp/v2/users/2"] [unique_id "Zr6lfcFUSd1aO0hfC6zqmwAAAAw"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-15 16:22:32
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:225170) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 12:22:26.830267 2024] [security2:error] [pid 9213:tid 9213] [client 2a03:2880:f806:19:::39102] [client 2a03:2880:f806:19::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.thomasgardner.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.thomasgardner.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Zr4rQs5NtWzvLape34DcPwAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-15 09:31:41
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:225170) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 05:31:36.261528 2024] [security2:error] [pid 2744:tid 2744] [client 2a03:2880:f806:19:::59518] [client 2a03:2880:f806:19::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||renjunews.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "renjunews.com"] [uri "/wp-json/wp/v2/users/25"] [unique_id "Zr3K-LwG5JHk6G7Kpks9KgAAAAo"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-15 06:00:38
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210730) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 02:00:30.523566 2024] [security2:error] [pid 6492:tid 6492] [client 2a03:2880:f806:19:::52694] [client 2a03:2880:f806:19::] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||greenroomonline.org|F|2"] [data ".wagonwheeltheatre.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "greenroomonline.org"] [uri "/theaters/www.wagonwheeltheatre.com"] [unique_id "Zr2ZfltiNVBvBAAczOP9FQAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-15 02:46:32
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210730) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 22:46:29.404740 2024] [security2:error] [pid 28684:tid 28684] [client 2a03:2880:f806:19:::39468] [client 2a03:2880:f806:19::] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.5degrees-eg.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.5degrees-eg.com"] [uri "/[email protected] "] [unique_id "Zr1sBStVRADzmEWlJdpVMAAAABI"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-15 01:33:05
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:225170) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 21:32:59.933407 2024] [security2:error] [pid 26032:tid 26032] [client 2a03:2880:f806:19:::32888] [client 2a03:2880:f806:19::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.crep-psych.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.crep-psych.org"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Zr1ay9Zl3d5XTyW7jPctSAAAAAs"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-14 13:32:41
(3 weeks ago)
(mod_security) mod_security (id:211180) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:211180) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 09:32:37.460609 2024] [security2:error] [pid 5133:tid 5133] [client 2a03:2880:f806:19:::51276] [client 2a03:2880:f806:19::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "50"] [id "211180"] [rev "3"] [msg "COMODO WAF: Session Fixation: SessionID Parameter Name with No Referer||artisvilla.com|F|2"] [data "Matched Data: phpsessid found within REQUEST_HEADERS: 0"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "artisvilla.com"] [uri "/site/"] [unique_id "Zryx9QW4i6jBXBe9urY7iAAAAAs"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-14 12:38:33
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210730) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 08:38:27.224144 2024] [security2:error] [pid 22949:tid 22949] [client 2a03:2880:f806:19:::34016] [client 2a03:2880:f806:19::] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||cnprcertificationreviews.org|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cnprcertificationreviews.org"] [uri "/facebook.com"] [unique_id "ZrylQyiJItHAimxrhlyxhAAAABg"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-14 00:36:01
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210730) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 13 20:35:54.251663 2024] [security2:error] [pid 13872:tid 13875] [client 2a03:2880:f806:19:::34444] [client 2a03:2880:f806:19::] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||vtweaversguild.org|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vtweaversguild.org"] [uri "/VWG-FORUM/[email protected] "] [unique_id "Zrv76sMgZ2mkylJZK-PVsAAAAQE"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-13 16:46:31
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:225170) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 13 12:46:25.509046 2024] [security2:error] [pid 5140:tid 5140] [client 2a03:2880:f806:19:::59468] [client 2a03:2880:f806:19::] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tallpinesranch.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tallpinesranch.org"] [uri "/wp-json/wp/v2/users/47"] [unique_id "ZruN4bUnTJiTri3cgtwfKAAAAA0"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-12 19:11:00
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210730) triggered by 2a03:2880:f806:19:: (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 12 15:10:57.301193 2024] [security2:error] [pid 32000:tid 32000] [client 2a03:2880:f806:19:::34814] [client 2a03:2880:f806:19::] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kulacenterky.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kulacenterky.com"] [uri "/2015/11/[email protected] "] [unique_id "ZrpeQZFTr246v89MzFh9xAAAABg"] show less
Brute-Force
Bad Web Bot
Web App Attack