Blocked by CSF Firewall. Reason: lfd: (mod_security) mod_security (id:210492) triggered by 31.31.198 ... show moreBlocked by CSF Firewall. Reason: lfd: (mod_security) mod_security (id:210492) triggered by 31.31.198.215 (RU/Russia/spl95.hosting.reg.ru): 5 in the last 3600 secs - Mon Nov 11 15:59:26 2024 show less
Phishing scam from exploited Wordpress host
From: [email protected]
Date: Nov 13, ... show morePhishing scam from exploited Wordpress host
From: [email protected]
Date: Nov 13, 2024 8:57 AM
Subject: [Вопрос литагенту] Данные для входа на сайт show less
(mod_security) mod_security (id:210492) triggered by 31.31.198.215 (spl95.hosting.reg.ru): 1 in the ... show more(mod_security) mod_security (id:210492) triggered by 31.31.198.215 (spl95.hosting.reg.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 16:51:57.360723 2024] [security2:error] [pid 17524:tid 17561] [client 31.31.198.215:42216] [client 31.31.198.215] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "asetiadi.net"] [uri "/wp-config.php.bin"] [unique_id "ZzJ8fTGHV9PhVylTj0oS4wAAARA"] show less
Brute-ForceBad Web BotWeb App Attack
Anonymous
Bot / scanning and/or hacking attempts: GET /wp-config.php_old HTTP/1.1, GET /wp-config.php_cs-backu ... show moreBot / scanning and/or hacking attempts: GET /wp-config.php_old HTTP/1.1, GET /wp-config.php_cs-backup HTTP/1.1, GET /wp-config.php_bak HTTP/1.1, GET /wp-config.php_bckk HTTP/1.1, GET /wp-config.php.bin HTTP/1.1, GET /wp-config.php-s HTTP/1.1, GET /wp-cli.phar HTTP/1.1, GET / HTTP/1.1, GET /wp-config.php~ HTTP/1.1, GET /wp-json HTTP/1.1, GET /wp-config.php.bak HTTP/1.1, GET /wp-config.php.old HTTP/1.1 show less
(mod_security) mod_security (id:210492) triggered by 31.31.198.215 (spl95.hosting.reg.ru): 1 in the ... show more(mod_security) mod_security (id:210492) triggered by 31.31.198.215 (spl95.hosting.reg.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 14:32:15.682041 2024] [security2:error] [pid 29682:tid 29682] [client 31.31.198.215:60432] [client 31.31.198.215] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "alaskadreamspublishing.com"] [uri "/wp-config.php-s"] [unique_id "ZzJbvz0eHalkFKsTFFnfpgAAAAA"] show less
Brute-ForceBad Web BotWeb App Attack
Anonymous
(mod_security) mod_security triggered on hostname [redacted] 31.31.198.215 (RU/Russia/spl95.hosting. ... show more(mod_security) mod_security triggered on hostname [redacted] 31.31.198.215 (RU/Russia/spl95.hosting.reg.ru) show less