TPI-Abuse
2024-07-23 05:55:23
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 5.101.156.199 (m1.hercules.beget.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 23 01:55:19.700166 2024] [security2:error] [pid 14360:tid 14483] [client 5.101.156.199:56248] [client 5.101.156.199] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||supercyprus.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "supercyprus.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zp9Fx_o2YN7XO6hibFD4ggAAAhY"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-07-23 05:48:06
(1 month ago)
xmlrpc attack blocked attempt from fail2ban
...
Web App Attack
TPI-Abuse
2024-07-23 05:38:02
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 5.101.156.199 (m1.hercules.beget.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 23 01:37:59.472865 2024] [security2:error] [pid 9025:tid 9025] [client 5.101.156.199:60604] [client 5.101.156.199] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||pinetreedistrict.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "pinetreedistrict.org"] [uri "/wp-json/wp/v2/users"] [unique_id "Zp9Bt6P8ESVLZU-qyqOt2gAAAAM"], referer: http://pinetreedistrict.org/wp-login.php
Brute-Force
Bad Web Bot
Web App Attack
octageeks.com
2024-07-23 04:07:29
(1 month ago)
Wordpress malicious attack:[octaflood]
Web App Attack
TPI-Abuse
2024-07-23 03:18:03
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 5.101.156.199 (m1.hercules.beget.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 22 23:17:58.304100 2024] [security2:error] [pid 12900:tid 12900] [client 5.101.156.199:59784] [client 5.101.156.199] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||chicagoinquirer.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "chicagoinquirer.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zp8g5npREKUYaxLY7fX0mgAAAAo"], referer: http://chicagoinquirer.com/wp-login.php
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-23 03:01:45
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 5.101.156.199 (m1.hercules.beget.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 22 23:01:40.678383 2024] [security2:error] [pid 25094:tid 25094] [client 5.101.156.199:39114] [client 5.101.156.199] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||inverzona.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "inverzona.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zp8dFAnUzLvtzK1B4M9eYQAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-07-23 02:56:19
(1 month ago)
wordpress-trap
Web App Attack
TPI-Abuse
2024-07-23 02:08:58
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 5.101.156.199 (m1.hercules.beget.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 22 22:08:51.154229 2024] [security2:error] [pid 429:tid 429] [client 5.101.156.199:42122] [client 5.101.156.199] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||soozebosire.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "soozebosire.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zp8Qs9TKUwha8UG5la3anwAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-07-23 02:05:04
(1 month ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
plzenskypruvodce.cz
2024-07-23 01:16:35
(1 month ago)
2024-07-23T03:16:34.376875+02:00 web wordpress(varhanykolin.cz)[2194941]: Immediately block connections from 5.101.156.199
...
Brute-Force
TPI-Abuse
2024-07-23 00:31:09
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 5.101.156.199 (m1.hercules.beget.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 22 20:31:04.039573 2024] [security2:error] [pid 4778:tid 4778] [client 5.101.156.199:50734] [client 5.101.156.199] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||johncyphers.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "johncyphers.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Zp75yHGGKMBrIu5f05RWMwAAAAk"], referer: http://johncyphers.com/wp-login.php
Brute-Force
Bad Web Bot
Web App Attack
teamsecure
2024-07-23 00:19:58
(1 month ago)
Banned for trying to access wp-login
Web App Attack
ger-stg-sifi1
2024-07-19 22:46:36
(1 month ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
RLDD
2024-07-19 22:18:00
(1 month ago)
WP login attempts -mod
Brute-Force
TPI-Abuse
2024-07-19 22:03:39
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 5.101.156.199 (m1.hercules.beget.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 19 18:03:32.229906 2024] [security2:error] [pid 1905286:tid 1905286] [client 5.101.156.199:58602] [client 5.101.156.199] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||queenscountyparade.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "queenscountyparade.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ZpritIIkKfz0nIV-FzzLRgAAAAU"], referer: http://queenscountyparade.org/wp-login.php
Brute-Force
Bad Web Bot
Web App Attack