cmbplf
|
|
2.176 POST requests to */wp-login.php
|
Brute-Force
Bad Web Bot
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 85.192.27.24 (clammy-rhythm.aeza.network): 1 in ... show more(mod_security) mod_security (id:225170) triggered by 85.192.27.24 (clammy-rhythm.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 13 07:23:16.680184 2024] [security2:error] [pid 3345:tid 3345] [client 85.192.27.24:46112] [client 85.192.27.24] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||frelsburg.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "frelsburg.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZzSaNGMJoMrqPrH8qPOsxQAAAAk"], referer: https://www.google.com show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
taivas.nl
|
|
Wordpress_xmlrpc_attack
|
Bad Web Bot
|
|
Anonymous
|
|
[redacted] 85.192.27.24 - - [13/Nov/2024:12:46:26 +0100] "POST /xmlrpc.php HTTP/1.1" 200 132 "-" "Ap ... show more[redacted] 85.192.27.24 - - [13/Nov/2024:12:46:26 +0100] "POST /xmlrpc.php HTTP/1.1" 200 132 "-" "Apache-HttpClient/4.5.13 (Java/11.0.25)"
[redacted] 85.192.27.24 - - [13/Nov/2024:12:46:29 +0100] "POST /xmlrpc.php HTTP/1.1" 200 261 "-" "Apache-HttpClient/4.5.13 (Java/11.0.25)"
[redacted] 85.192.27.24 - - [13/Nov/2024:12:46:32 +0100] "POST /xmlrpc.php HTTP/1.1" 200 261 "-" "Apache-HttpClient/4.5.13 (Java/11.0.25)"
[redacted] 85.192.27.24 - - [13/Nov/2024:12:46:34 +0100] "POST /xmlrpc.php HTTP/1.1" 200 261 "-" "Apache-HttpClient/4.5.13 (Java/11.0.25)"
[redacted] 85.192.27.24 - - [13/Nov/2024:12:46:37 +0100] "POST /xmlrpc.php HTTP/1.1" 200 261 "-" "Apache-HttpClient/4.5.13 (Java/11.0.25)"
[redacted] 85.192.27.24 - - [13/Nov/2024:12:46:39 +0100] "POST /xmlrpc.php HTTP/1.1" 200 261 "-" "Apache-HttpClient/4.5.13 (Java/11.0.25)"
[redacted] 85.192.27.24 - - [13/Nov/2024:12:46:42 +0100] "POST /xmlrpc.php HTTP/1.1" 200 261 "-" "Apache-HttpClient/4.5.13 (Java/11.0.25)"
[redacted] 8
... show less
|
Web App Attack
|
|
LRob.fr
|
|
WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail
|
Brute-Force
Web App Attack
|
|
maxxsense
|
|
(wordpress) Failed wordpress login from 85.192.27.24 (AT/Austria/clammy-rhythm.aeza.network)
|
Brute-Force
|
|
applemooz
|
|
WordPress XMLRPC Brute Force Attacks
...
|
Brute-Force
Web App Attack
|
|
weblite
|
|
WP_XMLRPC_ABUSE
|
Brute-Force
Web App Attack
|
|
COMAITE
|
|
CMS (WordPress or Joomla) brute force attempt.
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 85.192.27.24 (clammy-rhythm.aeza.network): 1 in ... show more(mod_security) mod_security (id:225170) triggered by 85.192.27.24 (clammy-rhythm.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 13 06:27:35.879615 2024] [security2:error] [pid 25267:tid 25267] [client 85.192.27.24:32770] [client 85.192.27.24] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||persnicketyinc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "persnicketyinc.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZzSNJ48PPWMEE5fFwA5MZwAAAA4"], referer: https://www.google.com show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|