chr70
2024-11-11 14:42:00
(3 weeks ago)
Scanning for vulnerabilities
Web App Attack
TPI-Abuse
2024-11-11 08:41:51
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 2a12:5940:3cec::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 03:41:42.845173 2024] [security2:error] [pid 18707:tid 18707] [client 2a12:5940:3cec::2:60260] [client 2a12:5940:3cec::2] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.doctoredwinalvarez.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.doctoredwinalvarez.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZzHDRrjwvRAdIyaR8siKPgAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-11 02:37:13
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 2a12:5940:3cec::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 21:37:04.414509 2024] [security2:error] [pid 30673:tid 30673] [client 2a12:5940:3cec::2:44692] [client 2a12:5940:3cec::2] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.ideaofauniversity.website|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.ideaofauniversity.website"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZzFt0LMmKn05TZX2h4n8xQAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-11 01:10:37
(3 weeks ago)
(mod_security) mod_security (id:210580) triggered by 2a12:5940:3cec::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 20:10:27.957080 2024] [security2:error] [pid 2055137:tid 2055137] [client 2a12:5940:3cec::2:46594] [client 2a12:5940:3cec::2] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/configuration.php" at ARGS:f. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||acmax.com|F|2"] [data "Matched Data: /configuration.php found within ARGS:f: ../../../configuration.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "acmax.com"] [uri "/home/components/com_hdflvplayer/hdflvplayer/download.php"] [unique_id "ZzFZg66jYqO1I6e329yQVwAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-11 00:39:26
(3 weeks ago)
(mod_security) mod_security (id:234930) triggered by 2a12:5940:3cec::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 19:39:19.132867 2024] [security2:error] [pid 23405:tid 23405] [client 2a12:5940:3cec::2:34986] [client 2a12:5940:3cec::2] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||mtl.microkerneltechnologies.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "mtl.microkerneltechnologies.com"] [uri "/uncategorized/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZzFSN_KjDHTR3CsFaewsAAAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-10 21:13:49
(3 weeks ago)
(mod_security) mod_security (id:210580) triggered by 2a12:5940:3cec::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 16:13:44.581315 2024] [security2:error] [pid 7708:tid 7835] [client 2a12:5940:3cec::2:50428] [client 2a12:5940:3cec::2] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/configuration.php" at ARGS:file. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||ecothermtech.com|F|2"] [data "Matched Data: /configuration.php found within ARGS:file: ../../../configuration.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "ecothermtech.com"] [uri "/home/components/com_moofaq/includes/file_includer.php"] [unique_id "ZzEiCPBA6qvy1nbRExmxggAAAQM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-10 20:52:22
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a12:5940:3cec::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 15:52:15.623787 2024] [security2:error] [pid 1600730:tid 1600730] [client 2a12:5940:3cec::2:34770] [client 2a12:5940:3cec::2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.charlescastleman.com"] [uri "/personal-biography/MYzoomsounds/"] [unique_id "ZzEc_wVnThIP_DBNnHGoJQAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
nfsec.pl
2024-11-10 19:04:41
(3 weeks ago)
2a12:5940:3cec::2 - - [10/Nov/2024:20:03:29 +0100] "GET /media/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 88686 "-" "Mozilla/5.0 (X11; Ubuntu; 2331 ;Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0"
2a12:5940:3cec::2 - - [10/Nov/2024:20:03:44 +0100] "POST /media/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 88653 "-" "Mozilla/5.0 (X11; Ubuntu; 2331 ;Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0"
2a12:5940:3cec::2 - - [10/Nov/2024:20:03:59 +0100] "GET /media/vendor/phpunit/phpunit/src/Util/PHP/evil.php HTTP/1.1" 404 88845 "-" "Mozilla/5.0 (X11; Ubuntu; 2331 ;Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0"
2a12:5940:3cec::2 - - [10/Nov/2024:20:04:25 +0100] "GET /media/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 88671 "-" "Mozilla/5.0 (X11; Ubuntu; 2331 ;Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0"
2a12:5940:3cec::2 - - [10/Nov/2024:20:04:40 +0100] "POST /media/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.ph
...
Exploited Host
Web App Attack
TPI-Abuse
2024-11-10 18:47:30
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a12:5940:3cec::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 13:47:25.534049 2024] [security2:error] [pid 13751:tid 13751] [client 2a12:5940:3cec::2:44390] [client 2a12:5940:3cec::2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "campnecon.com"] [uri "/MYzoomsounds/"] [unique_id "ZzD_vacrny5eomVK0PSNjgAAABY"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-10 18:24:11
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a12:5940:3cec::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 13:24:04.779676 2024] [security2:error] [pid 1199:tid 1199] [client 2a12:5940:3cec::2:39850] [client 2a12:5940:3cec::2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.nivotrol.innovacionesnimba.com"] [uri "/MYzoomsounds/"] [unique_id "ZzD6RLPKwpNvjLUFl2TJwgAAABU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-10 15:25:17
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a12:5940:3cec::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 10:25:09.218378 2024] [security2:error] [pid 3769181:tid 3769181] [client 2a12:5940:3cec::2:54270] [client 2a12:5940:3cec::2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jamesmsmall.com"] [uri "/blog/wp-admin/admin.php"] [unique_id "ZzDQVeYNRDmREMG730qR0AAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-10 15:20:04
(3 weeks ago)
| CMS (WordPress or Joomla) brute force attempt 10 times (rewritten)
Hacking
SQL Injection
Web App Attack
TPI-Abuse
2024-11-10 15:08:16
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a12:5940:3cec::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 10:08:08.328829 2024] [security2:error] [pid 2838:tid 2838] [client 2a12:5940:3cec::2:35046] [client 2a12:5940:3cec::2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mavikalem.org"] [uri "/MYzoomsounds/"] [unique_id "ZzDMWF8L_uqICgSMmj0dDgAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
stinpriza
2024-11-10 15:05:42
(3 weeks ago)
Drupal Authentication failure
Brute-Force
Web App Attack