octageeks.com
|
|
Wordpress malicious attack:[octawp]
|
Web App Attack
|
|
octageeks.com
|
|
Wordpress malicious attack:[octawp]
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 38.99.101.101 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:210730) triggered by 38.99.101.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 16 01:04:41.415311 2024] [security2:error] [pid 4859:tid 4859] [client 38.99.101.101:33281] [client 38.99.101.101] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||otfes.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "otfes.com"] [uri "/mailto:[email protected]"] [unique_id "Zw9Jae4s_a4LLC1rO3ticQAAAAk"], referer: http://otfes.com/mailto:contactus%40otfes.com show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
octageeks.com
|
|
Wordpress malicious attack:[octawp]
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240335) triggered by 38.99.101.101 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:240335) triggered by 38.99.101.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 11:37:59.474230 2024] [security2:error] [pid 1894:tid 1894] [client 38.99.101.101:19877] [client 38.99.101.101] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 213.152.161.30 (1+1 hits since last alert)|www.soacademy.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.soacademy.org"] [uri "/xmlrpc.php"] [unique_id "Zw6MVyHlB0_UdoRdSdOQoAAAAAE"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 38.99.101.101 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:210730) triggered by 38.99.101.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 11:22:56.891545 2024] [security2:error] [pid 14601:tid 14847] [client 38.99.101.101:31414] [client 38.99.101.101] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||lavonnesells.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lavonnesells.com"] [uri "/mailto:[email protected]"] [unique_id "Zw6I0A4fcAa4pq2tVoK5BQAAAYM"], referer: http://lavonnesells.com/AboutOldNorthwestLandCoinc.html show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
MAGIC
|
|
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
|
DDoS Attack
Bad Web Bot
|
|
Anonymous
|
|
mit-polly.de 38.99.101.101 [14/Oct/2024:15:25:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4273 "-" "Mo ... show moremit-polly.de 38.99.101.101 [14/Oct/2024:15:25:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4273 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.138 Safari/537.36"
mit-polly.de 38.99.101.101 [14/Oct/2024:15:25:35 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4273 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.138 Safari/537.36" show less
|
Web App Attack
|
|
octageeks.com
|
|
Wordpress malicious attack:[octawp]
|
Web App Attack
|
|
Anonymous
|
|
botnet
|
DDoS Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240335) triggered by 38.99.101.101 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:240335) triggered by 38.99.101.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 13 10:15:00.464888 2024] [security2:error] [pid 10677:tid 10677] [client 38.99.101.101:2906] [client 38.99.101.101] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 38.99.101.101 (+1 hits since last alert)|www.hotpay.co|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.hotpay.co"] [uri "/xmlrpc.php"] [unique_id "ZwvV5AAqzMHr7nWqb_pF9QAAAAU"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240335) triggered by 38.99.101.101 (-): 1 in the last 300 secs; Port ... show more(mod_security) mod_security (id:240335) triggered by 38.99.101.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 13 09:59:45.808331 2024] [security2:error] [pid 22188:tid 22188] [client 38.99.101.101:37990] [client 38.99.101.101] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 38.99.101.101 (+1 hits since last alert)|www.thehealthyplaceclayton.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.thehealthyplaceclayton.com"] [uri "/xmlrpc.php"] [unique_id "ZwvSUWol9-XU034sZlKW8wAAAAU"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Ba-Yu
|
|
WP-xmlrpc exploit
|
Web Spam
Blog Spam
Hacking
Exploited Host
Web App Attack
|
|
packets-decreaser.net
|
|
Incoming Layer 7 Flood Detected
|
DDoS Attack
Web Spam
|
|
Florian Kolb
|
|
Layer 7 Flood with 1003 requests
|
DDoS Attack
|
|