10dencehispahard SL
2024-03-27 04:00:05
(5 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
Anonymous
2024-03-26 01:00:25
(5 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-03-24 01:44:40
(5 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-03-19 15:35:18
(5 months ago)
Ports: 20,21,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096, ... show more Ports: 20,21,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,3306,2195; Direction: 0; Trigger: LF_CUSTOMTRIGGER show less
Brute-Force
SSH
hermawan
2024-03-18 23:01:23
(5 months ago)
[Tue Mar 19 05:49:57.032781 2024] [security2:error] [pid 12970:tid 134667873289792] [client 47.128.1 ... show more [Tue Mar 19 05:49:57.032781 2024] [security2:error] [pid 12970:tid 134667873289792] [client 47.128.113.168:17054] [client 47.128.113.168] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Feed" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-3.3.5/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "18"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Feed found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] ) request_line = GET /index.php/prakiraan-iklim/prakiraan-dasarian/prakiraan-dasarian-daerah-potensi-banjir/555560123-prakiraan-dasarian-daerah-potensi-banjir-di-provinsi-jawa-timur-untuk-bulan-juni-dasarian-i-tahun-2023-tanggal-1-10-juni-2023-update-10-mei-2023 HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/prakiraan-iklim/prakiraan-dasarian/prakir
... show less
Hacking
Web App Attack
Steve
2024-03-15 06:10:22
(5 months ago)
Excessive crawling - not obeying robots.txt
Bad Web Bot
TPI-Abuse
2024-03-07 20:20:39
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 47.128.113.168 (ec2-47-128-113-168.ap-southeast ... show more (mod_security) mod_security (id:210730) triggered by 47.128.113.168 (ec2-47-128-113-168.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 07 15:20:33.234871 2024] [security2:error] [pid 21743:tid 47088549238528] [client 47.128.113.168:55410] [client 47.128.113.168] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||oplconnect.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "oplconnect.com"] [uri "/images/Thumbs.db"] [unique_id "ZeohkR3culcRFElhi4OTgwAAAYw"] show less
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-03-06 08:37:20
(6 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
MAGIC
2024-03-05 02:02:54
(6 months ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
MAGIC
2024-02-26 04:05:24
(6 months ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
MAGIC
2024-02-25 13:11:27
(6 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
10dencehispahard SL
2024-02-21 21:00:38
(6 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
MAGIC
2024-02-21 10:12:01
(6 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-02-21 09:47:06
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 47.128.113.168 (ec2-47-128-113-168.ap-southeast ... show more (mod_security) mod_security (id:210730) triggered by 47.128.113.168 (ec2-47-128-113-168.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 21 04:46:58.328726 2024] [security2:error] [pid 21978] [client 47.128.113.168:40844] [client 47.128.113.168] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.voodooshop.com|F|2"] [data ".net.seowebstat.com.seowebstat.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.voodooshop.com"] [uri "/:/tireurdefrance.net.seowebstat.com.seowebstat.com"] [unique_id "ZdXGkrftoNSkY8zhYM2c_wAAABA"] show less
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-02-19 01:03:50
(6 months ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot