hermawan
2025-03-11 22:13:52
(2 weeks ago)
[Wed Mar 12 05:13:21.578238 2025] [security2:error] [pid 108071:tid 140055112787648] [client 47.128. ... show more [Wed Mar 12 05:13:21.578238 2025] [security2:error] [pid 108071:tid 140055112787648] [client 47.128.124.225:19824] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Feed" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.10.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "187"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Feed found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] ) request_line = GET /index.php/profil/arsip-artikel?catid=618&id=2405%3Aprakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-berlaku-tanggal-31-januari-2017-6-februari-2017&start=150 HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-malang.info"] [uri "/index.php/profil/arsip-artikel"] [unique_id "Z9C1gXSB1sTq3691HOyfsQAB5w0"] [staklim-malang.info] [staklim-malang.info] top=[108085] [2WiNZZAiOk8] [Z9C1gshow less
Hacking
Web App Attack
MAGIC
2025-03-08 21:07:34
(2 weeks ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
2025-03-04 03:35:50
(3 weeks ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
backslash
2025-02-27 06:35:08
(1 month ago)
block ruleset 3D3AFA921A373ECE19B6BA285C2D722163304638
Bad Web Bot
Josh S.
2025-02-22 00:19:51
(1 month ago)
Triggered Cloudflare WAF (firewallCustom) from SG.
Action taken: BLOCK
ASN: 16509 (AMAZO ... show more Triggered Cloudflare WAF (firewallCustom) from SG.[email protected] ) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.0.0 Safari/537.36[email protected] show less
Bad Web Bot
Steve
2025-02-19 12:09:18
(1 month ago)
Excessive crawling - not obeying robots.txt
Bad Web Bot
2025-02-18 10:19:42
(1 month ago)
Action: Block, Reason: DDOS attack detected
DDoS Attack
TPI-Abuse
2025-02-16 20:20:37
(1 month ago)
(mod_security) mod_security (id:211180) triggered by 47.128.124.225 (ec2-47-128-124-225.ap-southeast ... show more (mod_security) mod_security (id:211180) triggered by 47.128.124.225 (ec2-47-128-124-225.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 16 15:20:34.028083 2025] [security2:error] [pid 3102233:tid 3102233] [client 47.128.124.225:32484] [client 47.128.124.225] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "50"] [id "211180"] [rev "3"] [msg "COMODO WAF: Session Fixation: SessionID Parameter Name with No Referer||wisconsinstatehuntingexpo.com|F|2"] [data "Matched Data: cftoken found within REQUEST_HEADERS: 0"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "wisconsinstatehuntingexpo.com"] [uri "/"] [unique_id "Z7JIkkBypvWLT_XPodEt9QAAAAw"] show less
Brute-Force
Bad Web Bot
Web App Attack
Séfora Srl
2025-02-14 15:48:40
(1 month ago)
Bad user agents ignoring web crawling rules. Draing bandwidth - detected by Fail2Ban in plesk-apache ... show more Bad user agents ignoring web crawling rules. Draing bandwidth - detected by Fail2Ban in plesk-apache-badbot jail show less
Bad Web Bot
TPI-Abuse
2025-02-07 03:28:55
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 47.128.124.225 (ec2-47-128-124-225.ap-southeast ... show more (mod_security) mod_security (id:210730) triggered by 47.128.124.225 (ec2-47-128-124-225.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 06 22:28:49.355417 2025] [security2:error] [pid 16002:tid 16002] [client 47.128.124.225:10054] [client 47.128.124.225] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.phantomkennels.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.phantomkennels.com"] [uri "/puppysale.com"] [unique_id "Z6V98RGWmOMmYtJCM0AXIQAAAAU"] show less
Brute-Force
Bad Web Bot
Web App Attack
2025-02-07 02:26:07
(1 month ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
backslash
2025-01-26 10:35:07
(2 months ago)
block ruleset 3D3AFA921A373ECE19B6BA285C2D722163304638
Bad Web Bot
2025-01-22 08:38:26
(2 months ago)
Excessive crawling/scraping
Hacking
Brute-Force
Mendip_Defender
2025-01-15 06:33:31
(2 months ago)
47.128.124.225 - - [15/Jan/2025:06:33:36 +0000] "GET /?c=1&do=displayweek&month=9&s=385fe334b67f2c9d ... show more 47.128.124.225 - - [15/Jan/2025:06:33:36 +0000] "GET /?c=1&do=displayweek&month=9&s=385fe334b67f2c9db5db894ffa6ddf94&week=1378598400 HTTP/1.0" 200 10099 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )"show less
Bad Web Bot
librebit
2025-01-14 11:17:51
(2 months ago)
Brute force
Brute-Force
Singapore