Information Security
2024-11-14 07:52:04
(2 months ago)
Web App Attack
Web App Attack
TPI-Abuse
2024-11-14 07:26:51
(2 months ago)
(mod_security) mod_security (id:234930) triggered by 92.246.136.95 (wanting-wax-n1.aeza.network): 1 ... show more (mod_security) mod_security (id:234930) triggered by 92.246.136.95 (wanting-wax-n1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 02:26:44.174776 2024] [security2:error] [pid 1530497:tid 1530497] [client 92.246.136.95:60280] [client 92.246.136.95] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.littlepaganacorns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.littlepaganacorns.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZzWmNC5zeMIIONOebaaaiAAAAAY"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-14 06:21:34
(2 months ago)
(mod_security) mod_security (id:234930) triggered by 92.246.136.95 (wanting-wax-n1.aeza.network): 1 ... show more (mod_security) mod_security (id:234930) triggered by 92.246.136.95 (wanting-wax-n1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 01:21:28.114180 2024] [security2:error] [pid 31087:tid 31087] [client 92.246.136.95:36702] [client 92.246.136.95] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6787"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.whodatnation.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.whodatnation.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZzWW6I8qkFXsniyOg3RQnQAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack
taivas.nl
2024-11-14 05:32:26
(2 months ago)
Many_bad_calls
Web App Attack
TPI-Abuse
2024-11-14 04:58:22
(2 months ago)
(mod_security) mod_security (id:234930) triggered by 92.246.136.95 (wanting-wax-n1.aeza.network): 1 ... show more (mod_security) mod_security (id:234930) triggered by 92.246.136.95 (wanting-wax-n1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 13 23:58:18.567467 2024] [security2:error] [pid 5544:tid 5602] [client 92.246.136.95:37886] [client 92.246.136.95] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||flu.xavidominguez.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "flu.xavidominguez.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZzWDakNUVrcOmN7wfTHepgAAAJg"] show less
Brute-Force
Bad Web Bot
Web App Attack
selahattinalan
2024-11-14 02:17:34
(2 months ago)
92.246.136.95 - - [14/Nov/2024:05:17:34 +0300] "GET /gizlilik-politikasi HTTP/1.1" 301 4304 "-" "pyt ... show more 92.246.136.95 - - [14/Nov/2024:05:17:34 +0300] "GET /gizlilik-politikasi HTTP/1.1" 301 4304 "-" "python-requests/2.27.1" show less
Brute-Force
rsiddall
2024-11-14 02:10:10
(2 months ago)
2024-11-13T21:10:01.572417linnet.elirion.net drupal[5084]: https://huumanists.org|1731550201|user|92 ... show more 2024-11-13T21:10:01.572417linnet.elirion.net drupal[5084]: https://huumanists.org|1731550201|user|92.246.136.95|https://huumanists.org/blog/?q=user||0||Login attempt failed for huumanists.
2024-11-13T21:10:03.153759linnet.elirion.net drupal[5085]: https://huumanists.org|1731550203|user|92.246.136.95|https://huumanists.org/blog/?q=user||0||Login attempt failed for admin.
2024-11-13T21:10:05.166385linnet.elirion.net drupal[5085]: https://huumanists.org|1731550205|user|92.246.136.95|https://huumanists.org/blog/?q=user||0||Login attempt failed for administrator.
2024-11-13T21:10:07.228198linnet.elirion.net drupal[5084]: https://huumanists.org|1731550207|user|92.246.136.95|https://huumanists.org/blog/?q=user||0||Login attempt failed for huumanists.
2024-11-13T21:10:10.089476linnet.elirion.net drupal[5084]: https://huumanists.org|1731550210|user|92.246.136.95|https://huumanists.org/blog/?q=user||0||Login attempt failed for admin.
... show less
Brute-Force
Anonymous
2024-11-14 00:01:26
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
cmbplf
2024-11-13 23:24:52
(2 months ago)
1.809 requests to */xmlrpc.php
Brute-Force
Bad Web Bot
rsiddall
2024-11-13 23:13:16
(2 months ago)
2024-11-13T18:13:06.981120linnet.elirion.net drupal[31322]: https://huumanists.org|1731539586|user|9 ... show more 2024-11-13T18:13:06.981120linnet.elirion.net drupal[31322]: https://huumanists.org|1731539586|user|92.246.136.95|https://huumanists.org/blog/?q=user||0||Login attempt failed for huumanists.
2024-11-13T18:13:09.424117linnet.elirion.net drupal[31322]: https://huumanists.org|1731539589|user|92.246.136.95|https://huumanists.org/blog/?q=user||0||Login attempt failed for admin.
2024-11-13T18:13:11.862445linnet.elirion.net drupal[31322]: https://huumanists.org|1731539591|user|92.246.136.95|https://huumanists.org/blog/?q=user||0||Login attempt failed for administrator.
2024-11-13T18:13:13.395621linnet.elirion.net drupal[31322]: https://huumanists.org|1731539593|user|92.246.136.95|https://huumanists.org/blog/?q=user||0||Login attempt failed for huumanists.
2024-11-13T18:13:15.837419linnet.elirion.net drupal[31322]: https://huumanists.org|1731539595|user|92.246.136.95|https://huumanists.org/blog/?q=user||0||Login attempt failed for admin.
... show less
Brute-Force
TPI-Abuse
2024-11-13 22:57:30
(2 months ago)
(mod_security) mod_security (id:240000) triggered by 92.246.136.95 (wanting-wax-n1.aeza.network): 1 ... show more (mod_security) mod_security (id:240000) triggered by 92.246.136.95 (wanting-wax-n1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 13 17:57:23.471592 2024] [security2:error] [pid 1118487:tid 1118487] [client 92.246.136.95:52524] [client 92.246.136.95] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||acmax.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "acmax.com"] [uri "/home/images/stories/evil.php"] [unique_id "ZzUu07_1ayWojIe1yLsq3QAAAAs"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-13 22:22:54
(2 months ago)
(mod_security) mod_security (id:234930) triggered by 92.246.136.95 (wanting-wax-n1.aeza.network): 1 ... show more (mod_security) mod_security (id:234930) triggered by 92.246.136.95 (wanting-wax-n1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 13 17:22:50.360738 2024] [security2:error] [pid 32733:tid 32733] [client 92.246.136.95:60076] [client 92.246.136.95] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.microkerneltechnologies.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.microkerneltechnologies.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZzUmurIQdAy2qzjAmFuS_QAAAAU"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-13 22:10:03
(2 months ago)
| CMS (WordPress or Joomla) brute force attempt 10 times (rewritten)
Hacking
SQL Injection
Web App Attack
TPI-Abuse
2024-11-13 21:13:05
(2 months ago)
(mod_security) mod_security (id:234930) triggered by 92.246.136.95 (wanting-wax-n1.aeza.network): 1 ... show more (mod_security) mod_security (id:234930) triggered by 92.246.136.95 (wanting-wax-n1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 13 16:12:59.475435 2024] [security2:error] [pid 3754824:tid 3754824] [client 92.246.136.95:38968] [client 92.246.136.95] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6787"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.bickleton.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.bickleton.org"] [uri "/driving-directions/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZzUWW37ZzMelCpoBTr-hAQAAABo"] show less
Brute-Force
Bad Web Bot
Web App Attack
Reinhard
2024-11-13 20:49:00
(2 months ago)
Msg from error-handling: Error:/widwsisw/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php. Body:We ... show more Msg from error-handling: Error:/widwsisw/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php. Body:Wed, 13 Nov 2024 21:49:36 +0100, IP-Addr:92.246.136.95, Host:wanting-wax-n1.aeza.network show less
Hacking
Brute-Force
Web App Attack