Anonymous
2024-03-21 01:13:04
(10 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-03-11 06:56:56
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 47.128.117.17 (ec2-47-128-117-17.ap-southeast-1 ... show more (mod_security) mod_security (id:210730) triggered by 47.128.117.17 (ec2-47-128-117-17.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 11 02:56:50.987326 2024] [security2:error] [pid 31488] [client 47.128.117.17:43686] [client 47.128.117.17] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||rimworld.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "rimworld.com"] [uri "/tripoligerlach/wilsonalness.com"] [unique_id "Ze6rMjYsaieXmOSGwUsH8AAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
hermawan
2024-03-10 09:16:52
(10 months ago)
[Sun Mar 10 16:16:37.334584 2024] [security2:error] [pid 37187:tid 140376876779072] [client 47.128.1 ... show more [Sun Mar 10 16:16:37.334584 2024] [security2:error] [pid 37187:tid 140376876779072] [client 47.128.117.17:25608] [client 47.128.117.17] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Feed" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-3.3.5/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "18"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Feed found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] ) request_line = GET /index.php/613-klimatologi/agroklimatologi/kalender-tanam-katam-terpadu/kalender-tanam-katam-terpadu-provinsi-jawa-timur/kalender-tanam-katam-terpadu-kabupaten-banyuwangi/kalender-tanam-katam-terpadu-kabupaten-banyuwangi-tahun-2016-2017 HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/613-klimatologi/agroklimatologi/kalender-tanam-k
... show less
Hacking
Web App Attack
TPI-Abuse
2024-03-04 23:32:27
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 47.128.117.17 (ec2-47-128-117-17.ap-southeast-1 ... show more (mod_security) mod_security (id:210730) triggered by 47.128.117.17 (ec2-47-128-117-17.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 04 18:32:24.015084 2024] [security2:error] [pid 644945:tid 47448765880064] [client 47.128.117.17:46114] [client 47.128.117.17] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.digital4z.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.digital4z.com"] [uri "/wp-content/plugins/jetpack/modules/related-posts/rtl/WS_FTP.LOG"] [unique_id "ZeZaCHtQQ0RifEgMd5ZFRAAAAcM"] show less
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-03-02 15:07:59
(10 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
MAGIC
2024-02-29 02:00:38
(10 months ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
MAGIC
2024-02-26 07:05:28
(10 months ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
Steve
2024-02-23 04:54:00
(11 months ago)
Excessive crawling - not obeying robots.txt
Bad Web Bot
bigorre.org
2024-02-18 22:28:36
(11 months ago)
Excessive crawling : exceed crawl-delay defined in robots.txt
Bad Web Bot
bigorre.org
2024-02-08 07:40:18
(11 months ago)
Excessive crawling : exceed crawl-delay defined in robots.txt
Bad Web Bot
TheMadBeaker
2024-02-04 12:42:45
(11 months ago)
Fail2Ban Ban Triggered
HTTP Exploit Attempt
Brute-Force
Web App Attack
MAGIC
2024-02-03 09:08:14
(11 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
Thaliruth
2024-02-02 18:55:31
(11 months ago)
47.128.117.17 - - [02/Feb/2024:19:55:30 +0100] "GET /allgemein/downtimes-am-montag-und-mittwoch HTTP ... show more 47.128.117.17 - - [02/Feb/2024:19:55:30 +0100] "GET /allgemein/downtimes-am-montag-und-mittwoch HTTP/1.0" 200 47825 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )"
... show less
Bad Web Bot
MAGIC
2024-02-02 03:06:48
(11 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
hermawan
2024-01-23 21:18:07
(1 year ago)
[Wed Jan 24 04:18:03.966282 2024] [security2:error] [pid 141622:tid 132504501618240] [client 47.128. ... show more [Wed Jan 24 04:18:03.966282 2024] [security2:error] [pid 141622:tid 132504501618240] [client 47.128.117.17:11730] [client 47.128.117.17] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Feed" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-3.3.5/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "12"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Feed found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] ) request_line = GET /index.php/profil/meteorologi/list-all-categories/2052-klimatologi/analisis-klimatologi/monitoring-kekeringan-dengan-metode-indeks-presipitasi-terstandarisasi-spi/monitoring-kekeringan-dengan-metode-indeks-presipitasi-terstandarisasi-spi-di-indonesia/monitoring-kekeringan-dengan-m..."] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/profil/m
... show less
Hacking
Web App Attack