TPI-Abuse
2024-02-15 15:07:37
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 47.128.119.22 (ec2-47-128-119-22.ap-southeast-1 ... show more (mod_security) mod_security (id:210730) triggered by 47.128.119.22 (ec2-47-128-119-22.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 15 10:07:29.654372 2024] [security2:error] [pid 30464:tid 47950386484992] [client 47.128.119.22:54456] [client 47.128.119.22] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||gafm.org|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gafm.org"] [uri "/http/charteredfinancialmanager.com"] [unique_id "Zc4oseLnHTGoHJzmQ975pgAAANE"] show less
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-02-10 03:06:34
(8 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
hermawan
2024-02-08 16:08:41
(8 months ago)
[Thu Feb 08 23:08:28.788053 2024] [security2:error] [pid 66247:tid 128613443700288] [client 47.128.1 ... show more [Thu Feb 08 23:08:28.788053 2024] [security2:error] [pid 66247:tid 128613443700288] [client 47.128.119.22:33346] [client 47.128.119.22] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Feed" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-3.3.5/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "12"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Feed found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] ) request_line = GET /index.php/profil/meteorologi/list-all-categories/3979-galeri-kegiatan HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/profil/meteorologi/list-all-categories/3979-galeri-kegiatan"] [unique_id "ZcT8fDYgRbiZ4iMZQU3pVwABXwQ"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[66252] [yV6hBYkj1Mg] [ZcT8fDYgRbiZ4iMZQU3pVwABXwQ]
... show less
Hacking
Web App Attack
MAGIC
2024-02-08 09:03:36
(8 months ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
MAGIC
2024-02-06 02:11:34
(8 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
Steve
2024-02-05 02:40:57
(8 months ago)
Excessive crawling - not obeying robots.txt
Bad Web Bot
bigorre.org
2024-02-03 08:10:56
(8 months ago)
Excessive crawling : exceed crawl-delay defined in robots.txt
Bad Web Bot
TPI-Abuse
2024-01-31 21:04:20
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 47.128.119.22 (ec2-47-128-119-22.ap-southeast-1 ... show more (mod_security) mod_security (id:210730) triggered by 47.128.119.22 (ec2-47-128-119-22.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 31 16:04:15.836231 2024] [security2:error] [pid 15328] [client 47.128.119.22:39006] [client 47.128.119.22] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||civilwarzone.com|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "civilwarzone.com"] [uri "/~site/Scripts_ExternalRedirect/ExternalRedirect.dll"] [unique_id "Zbq1z7nlR26M_WS1GhHwUAAAAA4"], referer: https://civilwarzone.com/NonMeatRecipes.html show less
Brute-Force
Bad Web Bot
Web App Attack
AvonleaConsulting
2024-01-30 23:57:41
(8 months ago)
Attempts to probe web pages for vulnerable PHP or other applications
Web App Attack
AvonleaConsulting
2024-01-30 22:54:22
(8 months ago)
Scanning unused Default website or suspicious access to valid sites from IP marked as abusive
Bad Web Bot
Web App Attack
MAGIC
2024-01-29 07:02:24
(8 months ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
MAGIC
2024-01-23 05:14:53
(8 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
TheMadBeaker
2024-01-22 04:18:17
(8 months ago)
Fail2Ban Ban Triggered
HTTP Exploit Attempt
Brute-Force
Web App Attack
MAGIC
2024-01-20 12:06:46
(8 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
hermawan
2024-01-19 18:22:15
(8 months ago)
[Sat Jan 20 01:22:12.762203 2024] [security2:error] [pid 136219:tid 123467189978688] [client 47.128. ... show more [Sat Jan 20 01:22:12.762203 2024] [security2:error] [pid 136219:tid 123467189978688] [client 47.128.119.22:19464] [client 47.128.119.22] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Feed" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-3.3.5/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "9"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Feed found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] ) request_line = GET /index.php/prakiraan-bulanan/3874-prakiraan-sifat-hujan-bulanan/prakiraan-sifat-hujan-bulanan-di-propinsi-jawa-timur/prakiraan-sifat-hujan-bulanan-di-propinsi-jawa-timur-tahun-2018/555557068-prakiraan-sifat-hujan-bulan-desember-tahun-2018-update-dari-analisis-bulan-oktober-2018 HT..."] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/prakiraan
... show less
Hacking
Web App Attack