Anonymous
2024-10-29 12:50:51
(2 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-10-27 10:12:21
(2 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
MAGIC
2024-10-26 09:06:20
(2 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2024-10-24 16:16:42
(2 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-10-23 13:41:50
(2 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-10-21 09:50:54
(3 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-10-17 10:44:05
(3 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
MAGIC
2024-10-17 10:05:14
(3 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2024-10-12 01:42:56
(3 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Mendip_Defender
2024-10-11 10:16:15
(3 months ago)
47.128.50.240 - - [11/Oct/2024:11:16:32 +0100] "GET /robots.txt HTTP/1.0" 200 972 "-" "Mozilla/5.0 ( ... show more 47.128.50.240 - - [11/Oct/2024:11:16:32 +0100] "GET /robots.txt HTTP/1.0" 200 972 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )"
... show less
Bad Web Bot
Anonymous
2024-10-03 01:45:25
(3 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-09-30 07:57:54
(3 months ago)
Excessive crawling/scraping
Hacking
Brute-Force
TPI-Abuse
2024-09-25 10:18:36
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 47.128.50.240 (ec2-47-128-50-240.ap-southeast-1 ... show more (mod_security) mod_security (id:210730) triggered by 47.128.50.240 (ec2-47-128-50-240.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 25 06:18:29.258434 2024] [security2:error] [pid 12415:tid 12415] [client 47.128.50.240:23240] [client 47.128.50.240] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.doctorc.net|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.doctorc.net"] [uri "/Labs/Lab17/IMAGES/FINDER.DAT"] [unique_id "ZvPjdbALMmSXmKbesjaz_wAAAAQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-20 18:22:59
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 47.128.50.240 (ec2-47-128-50-240.ap-southeast-1 ... show more (mod_security) mod_security (id:210730) triggered by 47.128.50.240 (ec2-47-128-50-240.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 20 14:22:55.534207 2024] [security2:error] [pid 9857:tid 9857] [client 47.128.50.240:53372] [client 47.128.50.240] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||vitalitywebb.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Barcalounger/Images/Kendall/Thumbs.db"] [unique_id "Zu29fyz9ABLB7hxg-AhVSgAAACg"] show less
Brute-Force
Bad Web Bot
Web App Attack
hermawan
2024-09-16 11:00:26
(4 months ago)
[Mon Sep 16 13:58:37.602854 2024] [security2:error] [pid 653170:tid 134066630297280] [client 47.128. ... show more [Mon Sep 16 13:58:37.602854 2024] [security2:error] [pid 653170:tid 134066630297280] [client 47.128.50.240:23674] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Feed" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.5.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "39"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Feed found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] ) request_line = GET /index.php/prakiraan-bulanan/3874-prakiraan-sifat-hujan-bulanan/prakiraan-sifat-hujan-bulanan-di-propinsi-jawa-timur/prakiraan-sifat-hujan-bulanan-di-propinsi-jawa-timur-tahun-2018/555556498-prakiraan-sifat-hujan-bulan-juli-tahun-2018-jawa-timur-update-dari-analisis-bulan-mei-tahu..."] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/prakiraan-bulanan/3874-prakiraa
... show less
Hacking
Web App Attack