93.174.95.106
45 minutes ago
[Sun Oct 21 21:55:20.012928 2018] [:error] [pid 29003:tid 140334407337728] [client 93.174.95.106:396 ... show more [Sun Oct 21 21:55:20.012928 2018] [:error] [pid 29003:tid 140334407337728] [client 93.174.95.106:39645] [client 93.174.95.106] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "python-requests" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/crs/owasp-modsecurity-crs-3.0.2/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "157"] [id "913101"] [rev "1"] [msg "Found User-Agent associated with scripting/generic HTTP client"] [data "Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.13.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scripting"] [tag "OWASP_CRS/AUTOMATION/SCRIPTING"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/favicon.ico"] [unique_id "W8yTWGxJaPKoJu16h5f3BgAAAIM"]show less
Hacking
Web App Attack
128.199.128.104
49 minutes ago
[Sun Oct 21 21:51:44.068108 2018] [:error] [pid 27603:tid 140334373766912] [client 128.199.128.104:3 ... show more [Sun Oct 21 21:51:44.068108 2018] [:error] [pid 27603:tid 140334373766912] [client 128.199.128.104:36098] [client 128.199.128.104] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "Python-urllib" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/crs/owasp-modsecurity-crs-3.0.2/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "157"] [id "913101"] [rev "1"] [msg "Found User-Agent associated with scripting/generic HTTP client"] [data "Matched Data: Python-urllib found within REQUEST_HEADERS:User-Agent: python-urllib/2.7"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scripting"] [tag "OWASP_CRS/AUTOMATION/SCRIPTING"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/"] [unique_id "W8ySgKnCCEUZAUA8SzIZzwAAAAc"]show less
Hacking
Web App Attack
46.29.167.95
1 hour ago
1540132102 - 10/21/2018 21:28:22 Host: 46.29.167.95/46.29.167.95 Port: 19 UDP Blocked
Port Scan
Hacking
138.122.22.45
1 hour ago
1540131339 - 10/21/2018 21:15:39 Host: 45.22.122.138.rminet.com.br/138.122.22.45 Port: 23 TCP Blocke ... show more 1540131339 - 10/21/2018 21:15:39 Host: 45.22.122.138.rminet.com.br/138.122.22.45 Port: 23 TCP Blockedshow less
Port Scan
Hacking
207.180.223.16
1 hour ago
[Sun Oct 21 21:13:10.653058 2018] [:error] [pid 27603:tid 140334382159616] [client 207.180.223.16:55 ... show more [Sun Oct 21 21:13:10.653058 2018] [:error] [pid 27603:tid 140334382159616] [client 207.180.223.16:55047] [client 207.180.223.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/crs/owasp-modsecurity-crs-3.0.2/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "793"] [id "920350"] [rev "2"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/"] [unique_id "[email protected] "]show less
Hacking
Web App Attack
185.222.211.18
1 hour ago
1540130980 - 10/21/2018 21:09:40 Host: 185.222.211.18/185.222.211.18 Port: 12 TCP Blocked
Port Scan
Hacking
77.228.82.56
1 hour ago
1540130773 - 10/21/2018 21:06:13 Host: static-56-82-228-77.ipcom.comunitel.net/77.228.82.56 Port: 23 ... show more 1540130773 - 10/21/2018 21:06:13 Host: static-56-82-228-77.ipcom.comunitel.net/77.228.82.56 Port: 23 TCP Blockedshow less
Port Scan
Hacking
155.4.172.90
1 hour ago
1540130652 - 10/21/2018 21:04:12 Host: h-172-90.A277.priv.bahnhof.se/155.4.172.90 Port: 23 TCP Block ... show more 1540130652 - 10/21/2018 21:04:12 Host: h-172-90.A277.priv.bahnhof.se/155.4.172.90 Port: 23 TCP Blockedshow less
Port Scan
Hacking
122.116.21.7
1 hour ago
1540130055 - 10/21/2018 20:54:15 Host: 122-116-21-7.HINET-IP.hinet.net/122.116.21.7 Port: 23 TCP Blo ... show more 1540130055 - 10/21/2018 20:54:15 Host: 122-116-21-7.HINET-IP.hinet.net/122.116.21.7 Port: 23 TCP Blockedshow less
Port Scan
Hacking
54.36.115.218
1 hour ago
[Sun Oct 21 20:47:28.302568 2018] [:error] [pid 27603:tid 140334356981504] [client 54.36.115.218:617 ... show more [Sun Oct 21 20:47:28.302568 2018] [:error] [pid 27603:tid 140334356981504] [client 54.36.115.218:61715] [client 54.36.115.218] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "python-requests" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/crs/owasp-modsecurity-crs-3.0.2/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "157"] [id "913101"] [rev "1"] [msg "Found User-Agent associated with scripting/generic HTTP client"] [data "Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.19.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scripting"] [tag "OWASP_CRS/AUTOMATION/SCRIPTING"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/administrator/index.php"] [unique_id "W8yDcKnCCEUZAUA8SzIXDAAAAAk"]show less
Hacking
Web App Attack
141.0.13.85
2 hours ago
[Sun Oct 21 20:28:17.587738 2018] [:error] [pid 26218:tid 140334331803392] [client 141.0.13.85:53212 ... show more [Sun Oct 21 20:28:17.587738 2018] [:error] [pid 26218:tid 140334331803392] [client 141.0.13.85:53212] [client 141.0.13.85] ModSecurity: Access denied with code 403 (phase 2). String match "image/x-xbitmap" at REQUEST_HEADERS:Accept. [file "/etc/modsecurity/modsec-flameeyes/rules/flameeyes_20_antispam.conf"] [line "56"] [id "432070"] [msg "Requesting bitmaps when POSTing."] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/analisis-iklim/555556674-sampai-kapan-musim-kemarau-2018-di-jawa-timur-berakhir"] [unique_id "[email protected] "]show less
Hacking
Web App Attack
177.9.83.41
2 hours ago
1540126747 - 10/21/2018 19:59:07 Host: 177-9-83-41.dsl.telesp.net.br/177.9.83.41 Port: 23 TCP Blocke ... show more 1540126747 - 10/21/2018 19:59:07 Host: 177-9-83-41.dsl.telesp.net.br/177.9.83.41 Port: 23 TCP Blockedshow less
Port Scan
Hacking
220.133.91.228
3 hours ago
1540124721 - 10/21/2018 19:25:21 Host: 220-133-91-228.HINET-IP.hinet.net/220.133.91.228 Port: 23 TCP ... show more 1540124721 - 10/21/2018 19:25:21 Host: 220-133-91-228.HINET-IP.hinet.net/220.133.91.228 Port: 23 TCP Blockedshow less
Port Scan
Hacking
179.190.189.112
3 hours ago
1540124326 - 10/21/2018 19:18:46 Host: 179-190-189-112.cable.cabotelecom.com.br/179.190.189.112 Port ... show more 1540124326 - 10/21/2018 19:18:46 Host: 179-190-189-112.cable.cabotelecom.com.br/179.190.189.112 Port: 23 TCP Blockedshow less
Port Scan
Hacking
62.98.243.27
3 hours ago
1540122998 - 10/21/2018 18:56:38 Host: ppp-27-243.98-62.wind.it/62.98.243.27 Port: 23 TCP Blocked<br ... show more 1540122998 - 10/21/2018 18:56:38 Host: ppp-27-243.98-62.wind.it/62.98.243.27 Port: 23 TCP Blockedshow less
Port Scan
Hacking
179.233.157.22
3 hours ago
1540122859 - 10/21/2018 18:54:19 Host: b3e99d16.virtua.com.br/179.233.157.22 Port: 23 TCP Blocked<br ... show more 1540122859 - 10/21/2018 18:54:19 Host: b3e99d16.virtua.com.br/179.233.157.22 Port: 23 TCP Blockedshow less
Port Scan
Hacking
168.205.249.3
4 hours ago
1540120895 - 10/21/2018 18:21:35 Host: 168.205.249.3/168.205.249.3 Port: 23 TCP Blocked
Port Scan
Hacking
202.52.137.89
4 hours ago
[Sun Oct 21 18:17:19.426684 2018] [:error] [pid 25742:tid 140334818653952] [client 202.52.137.89:442 ... show more [Sun Oct 21 18:17:19.426684 2018] [:error] [pid 25742:tid 140334818653952] [client 202.52.137.89:44259] [client 202.52.137.89] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at REQUEST_COOKIES:owa_s. [file "/etc/modsecurity/crs/owasp-modsecurity-crs-3.0.2/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "304"] [id "932130"] [rev "1"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: >(none)|||medium=>direct|||source=>(none)|||search_terms=>(none) found within REQUEST_COOKIES:owa_s: cdh=>32901d14|||last_req=>1490940433|||sid=>1490940433026352682|||dsps=>0|||referer=>(none)|||medium=>direct|||source=>(none)|||search_terms=>(none)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "7"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10 show less
Hacking
Web App Attack
217.31.184.101
4 hours ago
1540120042 - 10/21/2018 18:07:22 Host: h-184-101.A465.priv.bahnhof.se/217.31.184.101 Port: 23 TCP Bl ... show more 1540120042 - 10/21/2018 18:07:22 Host: h-184-101.A465.priv.bahnhof.se/217.31.184.101 Port: 23 TCP Blockedshow less
Port Scan
Hacking
95.13.130.225
5 hours ago
1540116512 - 10/21/2018 17:08:32 Host: 95.13.130.225.dynamic.ttnet.com.tr/95.13.130.225 Port: 23 TCP ... show more 1540116512 - 10/21/2018 17:08:32 Host: 95.13.130.225.dynamic.ttnet.com.tr/95.13.130.225 Port: 23 TCP Blockedshow less
Port Scan
Hacking
71.114.67.62
5 hours ago
[Sun Oct 21 16:46:27.535616 2018] [:error] [pid 22951:tid 140334407337728] [client 71.114.67.62:6358 ... show more [Sun Oct 21 16:46:27.535616 2018] [:error] [pid 22951:tid 140334407337728] [client 71.114.67.62:63584] [client 71.114.67.62] ModSecurity: Access denied with code 403 (phase 2). String match within "head options" at REQUEST_METHOD. [file "/etc/modsecurity/modsec-flameeyes/rules/flameeyes_10_robots.conf"] [line "47"] [id "431060"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/"] [unique_id "[email protected] "]show less
Hacking
Web App Attack
195.154.209.237
6 hours ago
2018-10-21 16:32:50,753 fail2ban.actions [738]: NOTICE [apache-modsecurity] Ban 195.154.209. ... show more 2018-10-21 16:32:50,753 fail2ban.actions [738]: NOTICE [apache-modsecurity] Ban 195.154.209.237show less
Hacking
Web App Attack
195.154.172.137
6 hours ago
[Sun Oct 21 16:31:56.458155 2018] [:error] [pid 21994:tid 140334264661760] [client 195.154.172.137:5 ... show more [Sun Oct 21 16:31:56.458155 2018] [:error] [pid 21994:tid 140334264661760] [client 195.154.172.137:58374] [client 195.154.172.137] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:xx$|^mozilla/5\\\\.0( \\\\(en-us\\\\))?$|^mozilla/4\\\\.0 \\\\(compatible; msie [67]\\\\.0; windows nt 5\\\\.1\\\\)$|^mozilla/5\\\\.0 (?:gecko|firefox)/|^firefox$|^mozilla firefox|^/5\\\\.0|anonymous/666|a \\\\.net web crawler)" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/modsec-flameeyes/rules/flameeyes_50_unknown_scanners.conf"] [line "22"] [id "435010"] [msg "Unknown scanner passing for a real browser"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/buletin/buletin-analisis-dan-prakiraan-bulanan/555556769-buletin-analisis-hujan-september-2018-dan-prakiraan-hujan-bulan-november-desember-2018-januari-2019-provinsi-jawa-timur"] [unique_id "W8xHjE-gg0PipGA89nhk3QAAAJQ"]show less
Hacking
Web App Attack
37.254.17.43
6 hours ago
1540112347 - 10/21/2018 15:59:07 Host: 37.254.17.43/37.254.17.43 Port: 23 TCP Blocked
Port Scan
Hacking
66.70.160.104
6 hours ago
1540112180 - 10/21/2018 15:56:20 Host: ip104.ip-66-70-160.net/66.70.160.104 Port: 9 TCP Blocked<br / ... show more 1540112180 - 10/21/2018 15:56:20 Host: ip104.ip-66-70-160.net/66.70.160.104 Port: 9 TCP Blockedshow less
Port Scan
Hacking
93.174.95.106