hermawan
2024-08-09 09:54:14
(1 month ago)
[Fri Aug 09 15:38:02.308931 2024] [security2:error] [pid 1213980:tid 134777657099840] [client 57.141 ... show more [Fri Aug 09 15:38:02.308931 2024] [security2:error] [pid 1213980:tid 134777657099840] [client 57.141.3.3:38280] [client 57.141.3.3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Agent" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "38"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Agent found within REQUEST_HEADERS:User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) request_line = GET /index.php/component/search/?Itemid=694&catid=155&id=908&format=opensearch HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/component/search/"] [unique_id "ZrXVahS1oLvT8aWYBdCv2gAARx8"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[1214012] [FmGyD+SqezA] [ZrXVahS1oLvT8aWYBdCv2gAARx8] keep_alive=[1] [2024-08-09 15:38:02.308935] [R:ZrXVahS1oLvT8aWYBdCv2gAARx8] UA:'meta-externalagen
... show less
Hacking
Web App Attack
JuicyJ
2024-08-06 14:10:15
(2 months ago)
Excessive crawling/scraping
Web App Attack
hermawan
2024-08-05 03:30:46
(2 months ago)
[Mon Aug 05 06:52:11.108137 2024] [security2:error] [pid 299973:tid 139481627756096] [client 57.141. ... show more [Mon Aug 05 06:52:11.108137 2024] [security2:error] [pid 299973:tid 139481627756096] [client 57.141.3.3:58462] [client 57.141.3.3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Agent" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "38"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Agent found within REQUEST_HEADERS:User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) request_line = GET /index.php/profil/arsip-artikel?id=1287:prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-berlaku-tanggal-28-desember-2016-3-januari-2017&catid=472&start=40 HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/profil/arsip-artikel"] [unique_id "ZrAUK9nxYcy4SWPjheF-UgAAVgA"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[299974] [ttG7Pzz2kuE] [ZrAUK9nxYcy4SWPjheF-UgAAVgA] keep_al
... show less
Hacking
Web App Attack
MAGIC
2024-07-31 06:00:41
(2 months ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
hermawan
2024-07-30 16:47:13
(2 months ago)
[Tue Jul 30 23:47:07.456073 2024] [security2:error] [pid 280810:tid 136548299310656] [client 57.141. ... show more [Tue Jul 30 23:47:07.456073 2024] [security2:error] [pid 280810:tid 136548299310656] [client 57.141.3.3:59892] [client 57.141.3.3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "((?:[~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^~!@#\\\\$%\\\\^&\\\\*\\\\(\\\\)\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){12})" at ARGS:id. [file "/etc/modsecurity/coreruleset-4.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "3728"] [id "942430"] [msg "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12)"] [data " Matched Data ARGS charset: - Matched Data TX.1: :prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-berlaku-tanggal- found within Content-Type multipart form Matched Data: :prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-berlaku-tanggal- found within ARGS:id: 1195:prakiraan-cuaca-daerah-malang-dan-
... show less
Hacking
Web App Attack
MAGIC
2024-07-30 15:01:59
(2 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
hermawan
2024-07-30 04:30:33
(2 months ago)
[Tue Jul 30 11:30:28.462815 2024] [security2:error] [pid 836889:tid 125819936572992] [client 57.141. ... show more [Tue Jul 30 11:30:28.462815 2024] [security2:error] [pid 836889:tid 125819936572992] [client 57.141.3.3:50674] [client 57.141.3.3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Agent" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "38"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Agent found within REQUEST_HEADERS:User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) request_line = GET /index.php/component/search/?Itemid=690&catid=4095&id=555559056&format=opensearch HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/component/search/"] [unique_id "ZqhsZFh6bvetvpKEpDP6WwAAoBg"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[836914] [fNrsb+/H2Po] [ZqhsZFh6bvetvpKEpDP6WwAAoBg] keep_alive=[1] [2024-07-30 11:30:28.462822] [R:ZqhsZFh6bvetvpKEpDP6WwAAoBg] UA:'meta-externa
... show less
Hacking
Web App Attack
hermawan
2024-07-25 03:56:20
(2 months ago)
[Thu Jul 25 10:56:17.695042 2024] [security2:error] [pid 136091:tid 129051687650880] [client 57.141. ... show more [Thu Jul 25 10:56:17.695042 2024] [security2:error] [pid 136091:tid 129051687650880] [client 57.141.3.3:46590] [client 57.141.3.3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Agent" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "38"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Agent found within REQUEST_HEADERS:User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) request_line = GET /index.php/profil/meteorologi/list-all-categories/4124-klimatologi/prakiraan-klimatologi/prakiraan-dasarian/prakiraan-dasarian-daerah-potensi-banjir/prakiraan-dasarian-daerah-potensi-banjir-di-provinsi-jawa-timur/prakiraan-dasarian-daerah-potensi-banjir-di-provinsi-jawa-timur-tahun-2022/555559869-prakiraan-dasarian-daerah-potensi-banjir-..."] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/profil/meteor
... show less
Hacking
Web App Attack
hermawan
2024-07-24 15:24:01
(2 months ago)
[Wed Jul 24 22:23:58.218626 2024] [security2:error] [pid 653669:tid 123989642970688] [client 57.141. ... show more [Wed Jul 24 22:23:58.218626 2024] [security2:error] [pid 653669:tid 123989642970688] [client 57.141.3.3:60366] [client 57.141.3.3] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Agent" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "38"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Agent found within REQUEST_HEADERS:User-Agent: meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler) request_line = GET /index.php/profil/meteorologi/list-all-categories/2063-klimatologi/prakiraan-klimatologi/prakiraan-indeks-presipitasi-terstandarisasi-spi/prakiraan-indeks-presipitasi-terstandarisasi-spi-di-jawa-timur/prakiraan-indeks-presipitasi-terstandarisasi-spi-di-jawa-timur-tiap-1-bulanan?format=feed&type=rss HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/profil/meteorologi/list-all-categories/2063-kli
... show less
Hacking
Web App Attack
axllent
2024-07-14 07:02:51
(2 months ago)
Cross Site Scripting - /auckland-harbour-bridge-ice-cream/%3Csvg%20xmlns%3D%27http%3A%2F%2Fwww.w3.or ... show more Cross Site Scripting - /auckland-harbour-bridge-ice-cream/%3Csvg%20xmlns%3D%27http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%27%20width%3D%27567%27%20height%3D%27850%27%20viewBox%3D%270%200%20567%20850%27%3E%3Crect%20width%3D%27567%27%20height%3D%27850%27%20fill-opacity%3D%220%22%2F%3E%3C%2Fsvg%3E show less
Hacking
Web App Attack
axllent
2024-07-11 16:17:21
(2 months ago)
Cross Site Scripting - /this-is-not-an-ice-cream/%3Csvg%20xmlns%3D%27http%3A%2F%2Fwww.w3.org%2F2000% ... show more Cross Site Scripting - /this-is-not-an-ice-cream/%3Csvg%20xmlns%3D%27http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%27%20width%3D%27866%27%20height%3D%271024%27%20viewBox%3D%270%200%20866%201024%27%3E%3Crect%20width%3D%27866%27%20height%3D%271024%27%20fill-opacity%3D%220%22%2F%3E%3C%2Fsvg%3E show less
Hacking
Web App Attack