rtbh.com.tr
2024-08-18 20:55:31
(2 weeks ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
Anonymous
2024-08-16 14:15:03
(3 weeks ago)
| CMS (WordPress or Joomla) brute force attempt 10 times (rewritten)
Hacking
SQL Injection
Web App Attack
el-brujo
2024-08-16 13:56:26
(3 weeks ago)
16/Aug/2024:15:56:26.087211 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 79.137.197.235] ModSecurity: Warning. Matched phrase ".htaccess" at ARGS:name[#markup]. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "98"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: .htaccess found within ARGS:name[#markup]: echo 77u/r0lgodlhowo8p3boccakzxjyb3jfcmvwb3j0aw5nkevfquxmif4grv9ot1rjq0upowply2hvicc8c2nyaxb0pgpkb2n1bwvudc50axrszsa9igf0b2ioilywrkdjrupavuvgvfv5qlzvrxhquvvsrlvnpt0iktskd2luzg93lmfkzev2zw50tglzdgvuzxioikrptunvbnrlbnrmb2fkzwqilgz1bmn0aw9ukcl7bgv0igu9zg9jdw1lbnquy3jlyxrlrwxlbwvudcgizm9ybsipo2uubwv0ag9kpsjwb3n0iixllmvuy3r5cgu9im11bhrpcgfydc9mb3jtlwrhdgeio2xldcb0pwrvy3vtzw50lmnyzwf0zuvszw1lbnqoimluchv0iik7dc50exblpsjmawxliix0lm5hbwu9imzpbguilhqucmvxdwl..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "
Hacking
Web App Attack
el-brujo
2024-08-16 11:49:08
(3 weeks ago)
16/Aug/2024:13:49:08.236249 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 79.137.197.235] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "178"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "812"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "elhacker.info"] [uri "/Cursos/node/1"] [unique_id "Zr88tASdVM-tL7sMAt-3TwAAVwA"]
Hacking
Web App Attack
TPI-Abuse
2024-08-16 10:48:16
(3 weeks ago)
(mod_security) mod_security (id:234930) triggered by 79.137.197.235 (cumbersome-number_n3.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 06:48:08.734336 2024] [security2:error] [pid 24227:tid 24227] [client 79.137.197.235:34110] [client 79.137.197.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||192.64.150.96|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "192.64.150.96"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "Zr8uaDNHpNWQjka-gkyAkgAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
el-brujo
2024-08-16 07:54:29
(3 weeks ago)
16/Aug/2024:09:54:29.343432 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 79.137.197.235] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "178"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "812"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "elhacker.info"] [uri "/Cursos/node/1"] [unique_id "Zr8FtYJxM6MonX9fy0pKhAAACj0"]
Hacking
Web App Attack
VHosting
2024-08-16 07:47:02
(3 weeks ago)
Attempt from 79.137.197.235, reason: FailedCaptchaVerify
DDoS Attack
Bad Web Bot
RoboSOC
2024-08-16 07:01:09
(3 weeks ago)
Joomla Remote Code Execution Vulnerability, PTR: cumbersome-number_n3.aeza.network.
Hacking
TPI-Abuse
2024-08-16 06:23:47
(3 weeks ago)
(mod_security) mod_security (id:234930) triggered by 79.137.197.235 (cumbersome-number_n3.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 02:23:43.079503 2024] [security2:error] [pid 22526:tid 22526] [client 79.137.197.235:38956] [client 79.137.197.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.mavikalem.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.mavikalem.org"] [uri "/2021/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "Zr7wbxCnjDZIB6UAxzsGMgAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
el-brujo
2024-08-16 05:39:18
(3 weeks ago)
16/Aug/2024:07:39:18.467601 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 79.137.197.235] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "178"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "812"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "elhacker.info"] [uri "/Cursos/node/1"] [unique_id "Zr7mBsjWfw7LHb-XqI0PpgABQyw"]
Hacking
Web App Attack
TPI-Abuse
2024-08-16 05:32:00
(3 weeks ago)
(mod_security) mod_security (id:240000) triggered by 79.137.197.235 (cumbersome-number_n3.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 01:31:53.640188 2024] [security2:error] [pid 23195:tid 23195] [client 79.137.197.235:50352] [client 79.137.197.235] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.powerkiteforum.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.powerkiteforum.com"] [uri "/images/stories/up.php"] [unique_id "Zr7kSVF0GxBvjlTFb5VbQQAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
el-brujo
2024-08-16 03:49:01
(3 weeks ago)
16/Aug/2024:05:49:01.217440 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 79.137.197.235] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "178"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "812"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "elhacker.info"] [uri "/Cursos/node/1"] [unique_id "Zr7MLVia5FWUjnC7twFrHQABAxE"]
Hacking
Web App Attack
TPI-Abuse
2024-08-16 02:23:01
(3 weeks ago)
(mod_security) mod_security (id:234930) triggered by 79.137.197.235 (cumbersome-number_n3.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 22:22:54.815475 2024] [security2:error] [pid 13506:tid 13506] [client 79.137.197.235:59418] [client 79.137.197.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.ideaofauniversity.website|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.ideaofauniversity.website"] [uri "/uncategorized/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "Zr63_tZ0rN-AXuLbMYPDjwAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
el-brujo
2024-08-16 02:21:25
(3 weeks ago)
16/Aug/2024:04:21:24.399896 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 79.137.197.235] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "178"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "812"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "elhacker.info"] [uri "/Cursos/node/1"] [unique_id "Zr63pFia5FWUjnC7twH03wABLxk"]
Hacking
Web App Attack
Anonymous
2024-08-16 02:17:24
(3 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_MODSEC
Brute-Force
SSH