Anonymous
2025-01-15 01:06:34
(5 days ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Jim Keir
2025-01-12 17:39:13
(1 week ago)
2025-01-12 17:39:13 47.128.54.97 Bad bot, blocking Mozilla/5.0
Bad Web Bot
Anonymous
2025-01-11 13:09:38
(1 week ago)
Excessive crawling/scraping
Hacking
Brute-Force
Anonymous
2025-01-11 00:34:11
(1 week ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
MAGIC
2025-01-10 20:12:32
(1 week ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2025-01-07 07:53:14
(1 week ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
MAGIC
2024-12-29 10:01:47
(3 weeks ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2024-12-25 14:16:51
(3 weeks ago)
Action: Block, Reason: DDOS attack detected
DDoS Attack
Anonymous
2024-12-23 10:11:56
(4 weeks ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-12-18 22:38:47
(1 month ago)
Excessive crawling/scraping
Hacking
Brute-Force
MAGIC
2024-12-10 19:10:35
(1 month ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
hermawan
2024-12-04 12:18:40
(1 month ago)
[Wed Dec 04 09:21:09.662746 2024] [security2:error] [pid 525349:tid 135272335144640] [client 47.128.54.97:61056] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Feed" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.8.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "61"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Feed found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] ) request_line = GET /index.php/profil/arsip-artikel?catid=492&id=594%3Aprakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-berlaku-tanggal-30-juni-6-juli-2015&start=40 HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/profil/arsip-artikel"] [unique_id "Z0-8lcqFsN9uDDZ8fH7o7gACrz8"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[525413] [KJdPb5Dq+do] [Z0-8lcqF
...
Hacking
Web App Attack
selahattinalan
2024-12-03 21:50:14
(1 month ago)
47.128.54.97 - - [04/Dec/2024:00:50:13 +0300] "GET /index.php?limit=50&order=DESC&product_id=953&route=product%2Fproduct&sort=pd.name HTTP/1.1" 301 669 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )"
Brute-Force
TPI-Abuse
2024-11-30 15:24:04
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 47.128.54.97 (ec2-47-128-54-97.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 10:24:00.385674 2024] [security2:error] [pid 3245632:tid 3245632] [client 47.128.54.97:10538] [client 47.128.54.97] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.med-engineering.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.med-engineering.com"] [uri "/molvir.com"] [unique_id "Z0suEMCbpeQXz7jMAC07kgAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
hermawan
2024-11-29 08:33:19
(1 month ago)
[Fri Nov 29 13:17:46.281180 2024] [security2:error] [pid 121831:tid 126622731953856] [client 47.128.54.97:44170] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Feed" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.8.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "61"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Feed found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] ) request_line = GET /index.php/profil/arsip-artikel?catid=480&id=997%3Aprakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-berlaku-tanggal-24-30-mei-2016&start=80 HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/profil/arsip-artikel"] [unique_id "Z0lcikFGq7tcbtq7xlTOVwABUwc"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[121839] [rxInJx/I8QU] [Z0lcikFGq7tcb
...
Hacking
Web App Attack