Server IP: 178.33.27.10
Server: Linux cpanel.dev-unit.com 3.10.0-1160.108.1.el7.x86_64 #1 SMP Thu Jan 25 16:17:31 UTC 2024 x86_64
Server Software: Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips
PHP Version: 8.2.11
Dir: /usr/local/apache/domlogs/
View File Name: c1.erp.dev-unit.com.error.log
[Fri May 23 04:11:52.601827 2025] [:error] [pid 21560:tid 139929656993536] [client 197.58.155.36:59537] [client 197.58.155.36] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:workdo_dash_cookie. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within REQUEST_COOKIES:workdo_dash_cookie: {\\x22level\\x22:[\\x22necessary\\x22],\\x22revision\\x22:0,\\x22data\\x22:null,\\x22rfc_cookie\\x22:false}"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "c1.erp.dev-unit.com"] [uri "/dashboard"] [unique_id "aC_LWCfNUWpU56pu2cilxwAAAQU"]
[Fri May 23 04:11:52.865513 2025] [:error] [pid 21560:tid 139929640208128] [client 197.58.155.36:59537] [client 197.58.155.36] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:workdo_dash_cookie. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within REQUEST_COOKIES:workdo_dash_cookie: {\\x22level\\x22:[\\x22necessary\\x22],\\x22revision\\x22:0,\\x22data\\x22:null,\\x22rfc_cookie\\x22:false}"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "c1.erp.dev-unit.com"] [uri "/favicon.ico"] [unique_id "aC_LWCfNUWpU56pu2cilyAAAAQc"], referer: https://c1.erp.dev-unit.com/dashboard
[Fri May 23 04:11:56.136774 2025] [:error] [pid 21661:tid 139929573066496] [client 159.89.12.166:53870] [client 159.89.12.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "c1.erp.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aC_LXKK6CfSX7r9TAE-ylwAAAI8"]
[Fri May 23 04:11:56.729962 2025] [:error] [pid 21560:tid 139929497532160] [client 159.89.12.166:59542] [client 159.89.12.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "c1.erp.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aC_LXCfNUWpU56pu2cil1AAAARg"]
[Fri May 23 04:11:58.167888 2025] [authz_core:error] [pid 21661:tid 139929665386240] [client 159.89.12.166:42206] AH01630: client denied by server configuration: /home/id/erp.dev-unit.com/server-status
[Fri May 23 04:11:58.921953 2025] [authz_core:error] [pid 21661:tid 139929589851904] [client 159.89.12.166:36482] AH01630: client denied by server configuration: /home/id/erp.dev-unit.com/server-status
[Fri May 23 04:11:59.152695 2025] [access_compat:error] [pid 21661:tid 139929581459200] [client 159.89.12.166:42258] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/.env
[Fri May 23 04:11:59.983378 2025] [access_compat:error] [pid 21560:tid 139929505924864] [client 159.89.12.166:36514] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/.env
[Sat May 24 11:49:13.555438 2025] [access_compat:error] [pid 8454:tid 139833995196160] [client 208.76.40.203:58270] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/.env
[Sun May 25 04:26:02.457027 2025] [access_compat:error] [pid 15533:tid 139900280096512] [client 170.39.217.204:51244] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/.env
[Sun May 25 13:33:43.395664 2025] [access_compat:error] [pid 8328:tid 139900401501952] [client 91.206.169.53:47360] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/.env
[Sun May 25 18:25:01.365173 2025] [access_compat:error] [pid 29215:tid 139900263311104] [client 170.39.217.201:21304] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/app/.env
[Sun May 25 18:25:10.679743 2025] [access_compat:error] [pid 29215:tid 139900221347584] [client 170.39.217.201:21304] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/public/.env
[Mon May 26 09:02:42.275340 2025] [access_compat:error] [pid 3063:tid 140406482257664] [client 91.206.169.53:55734] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/.env
[Mon May 26 13:56:49.172011 2025] [access_compat:error] [pid 7592:tid 140406347974400] [client 170.39.217.113:57770] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/app/.env
[Mon May 26 13:56:57.605704 2025] [access_compat:error] [pid 7592:tid 140406389937920] [client 170.39.217.113:57770] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/public/.env
[Tue May 27 15:27:56.169849 2025] [access_compat:error] [pid 2091:tid 140628973287168] [client 137.220.202.146:60932] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/.env
[Fri May 30 21:00:41.263231 2025] [access_compat:error] [pid 2863:tid 140678922680064] [client 31.56.56.147:47458] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/.env
[Sat May 31 06:53:51.771437 2025] [access_compat:error] [pid 2107:tid 140166979049216] [client 31.56.56.153:40758] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/.env
[Mon Jun 02 07:48:06.889406 2025] [access_compat:error] [pid 26159:tid 140351184488192] [client 31.56.56.153:37714] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/.env
[Tue Jun 03 21:13:01.182020 2025] [access_compat:error] [pid 32392:tid 140698707789568] [client 31.56.56.153:59378] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/.env
[Wed Jun 04 10:37:49.888066 2025] [access_compat:error] [pid 11275:tid 140250103404288] [client 185.177.72.201:35040] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/.env
[Wed Jun 04 10:37:56.409923 2025] [access_compat:error] [pid 11181:tid 140250086618880] [client 185.177.72.201:14638] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/app/.env
[Thu Jun 05 22:19:13.122425 2025] [access_compat:error] [pid 21093:tid 139942852261632] [client 124.198.131.114:62277] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/.env
[Fri Jun 06 10:52:49.703903 2025] [access_compat:error] [pid 28112:tid 139905145440000] [client 137.220.202.146:60260] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/.env
[Fri Jun 13 02:30:55.896419 2025] [access_compat:error] [pid 26767:tid 140178921604864] [client 83.217.210.41:36378] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/.env
[Tue Jun 17 06:36:08.119902 2025] [access_compat:error] [pid 14969:tid 140673029330688] [client 212.102.33.167:11291] AH01797: client denied by server configuration: /home/id/erp.dev-unit.com/.env