⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.94
Server IP:
178.33.27.10
Server:
Linux cpanel.dev-unit.com 3.10.0-1160.108.1.el7.x86_64 #1 SMP Thu Jan 25 16:17:31 UTC 2024 x86_64
Server Software:
Apache/2.4.57 (Unix) OpenSSL/1.0.2k-fips
PHP Version:
8.2.11
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
local
/
apache
/
domlogs
/
View File Name :
crm-dev.dev-unit.com.error.log
[Thu Feb 20 03:18:17.409817 2025] [authz_core:error] [pid 675:tid 139809364371200] [client 178.128.207.138:49800] AH01630: client denied by server configuration: /home/id/crm-dev.dev-unit.com/server-status [Thu Feb 20 03:18:18.480779 2025] [:error] [pid 676:tid 139809263658752] [client 178.128.207.138:49896] File does not exist: /home/id/crm-dev.dev-unit.com/info.php [Thu Feb 20 03:18:18.682966 2025] [authz_core:error] [pid 677:tid 139809255266048] [client 206.81.24.227:39330] AH01630: client denied by server configuration: /home/id/crm-dev.dev-unit.com/server-status [Thu Feb 20 03:18:19.589423 2025] [:error] [pid 677:tid 139809213302528] [client 206.81.24.227:39394] File does not exist: /home/id/crm-dev.dev-unit.com/info.php [Fri Feb 21 12:45:06.937941 2025] [:error] [pid 19911:tid 140022476879616] [client 65.20.74.104:51991] File does not exist: /home/id/crm-dev.dev-unit.com/xmlrpc.php [Wed Feb 26 22:03:05.449798 2025] [:error] [pid 25449:tid 140665139717888] [client 170.39.218.109:57954] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo.php [Wed Feb 26 22:03:08.826785 2025] [:error] [pid 25449:tid 140664910067456] [client 170.39.218.109:57954] File does not exist: /home/id/crm-dev.dev-unit.com/info.php [Wed Feb 26 22:03:25.252470 2025] [:error] [pid 25450:tid 140664977209088] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfoposmeta.php [Wed Feb 26 22:03:27.445152 2025] [:error] [pid 25450:tid 140664935245568] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/ppinfo.php [Wed Feb 26 22:03:30.901900 2025] [:error] [pid 25450:tid 140664910067456] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/admin_phpinfo.php [Wed Feb 26 22:03:34.311325 2025] [:error] [pid 25450:tid 140664993994496] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/server_info.php [Wed Feb 26 22:03:37.496509 2025] [:error] [pid 25450:tid 140664960423680] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/test.php [Wed Feb 26 22:03:38.752729 2025] [:error] [pid 25450:tid 140664876496640] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/server-info.php [Wed Feb 26 22:03:44.079454 2025] [:error] [pid 25450:tid 140664943638272] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo2.php [Wed Feb 26 22:03:46.147357 2025] [:error] [pid 25450:tid 140665114539776] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo3.php [Wed Feb 26 22:03:48.130908 2025] [:error] [pid 25450:tid 140665097754368] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo4.php [Wed Feb 26 22:03:50.269168 2025] [:error] [pid 25450:tid 140665139717888] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/debug.php [Wed Feb 26 22:03:59.482644 2025] [:error] [pid 25450:tid 140665131325184] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/adminphp.php [Wed Feb 26 22:04:01.461716 2025] [:error] [pid 25450:tid 140664977209088] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/adminphp.php [Wed Feb 26 22:04:04.057470 2025] [:error] [pid 25450:tid 140664884889344] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/apache.php [Wed Feb 26 22:04:13.609837 2025] [:error] [pid 25450:tid 140665002387200] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/apache2.php [Wed Feb 26 22:04:16.141415 2025] [:error] [pid 25450:tid 140664910067456] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/build.php [Wed Feb 26 22:04:18.493012 2025] [:error] [pid 25450:tid 140664926852864] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/cache.php [Wed Feb 26 22:04:30.695764 2025] [:error] [pid 25450:tid 140664943638272] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/dep.php [Wed Feb 26 22:04:33.234822 2025] [:error] [pid 25450:tid 140665114539776] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/deploy.php [Wed Feb 26 22:04:35.532050 2025] [:error] [pid 25450:tid 140665097754368] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/dev.php [Wed Feb 26 22:04:38.052761 2025] [:error] [pid 25450:tid 140665139717888] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/developer.php [Wed Feb 26 22:04:40.145830 2025] [:error] [pid 25450:tid 140664952030976] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/devs.php [Wed Feb 26 22:04:41.991147 2025] [:error] [pid 25450:tid 140664893282048] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/frontend_dev.php [Wed Feb 26 22:04:44.503139 2025] [:error] [pid 25450:tid 140665106147072] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/in.php [Wed Feb 26 22:04:46.668861 2025] [:error] [pid 25450:tid 140664868103936] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/index.php [Wed Feb 26 22:04:49.814894 2025] [:error] [pid 25450:tid 140665131325184] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/index1.php [Wed Feb 26 22:04:51.757235 2025] [:error] [pid 25450:tid 140664977209088] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/inf.php [Wed Feb 26 22:04:53.539682 2025] [:error] [pid 25450:tid 140664884889344] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/info1.php [Wed Feb 26 22:04:55.276090 2025] [:error] [pid 25450:tid 140664935245568] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/info2.php [Wed Feb 26 22:04:55.995747 2025] [:error] [pid 25450:tid 140664985601792] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/info3.php [Wed Feb 26 22:04:58.183838 2025] [:error] [pid 25450:tid 140665089361664] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/info4.php [Wed Feb 26 22:05:00.673416 2025] [:error] [pid 25450:tid 140665002387200] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/infophp.php [Wed Feb 26 22:05:03.517358 2025] [:error] [pid 25450:tid 140664910067456] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/infos.php [Wed Feb 26 22:05:06.069697 2025] [:error] [pid 25450:tid 140664926852864] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/ini.php [Wed Feb 26 22:05:08.452075 2025] [:error] [pid 25450:tid 140664901674752] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/isadmin.php [Wed Feb 26 22:05:10.806978 2025] [:error] [pid 25450:tid 140664993994496] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/jo.php [Wed Feb 26 22:05:13.220893 2025] [:error] [pid 25450:tid 140665122932480] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/lindex.php [Wed Feb 26 22:05:15.668913 2025] [:error] [pid 25450:tid 140664968816384] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/linusadmin-phpinfo.php [Wed Feb 26 22:05:18.011399 2025] [:error] [pid 25450:tid 140664960423680] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/main.php [Wed Feb 26 22:05:20.345026 2025] [:error] [pid 25450:tid 140664918460160] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/new.php [Wed Feb 26 22:05:22.307670 2025] [:error] [pid 25450:tid 140665010779904] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/ocp.php [Wed Feb 26 22:05:24.188582 2025] [:error] [pid 25450:tid 140665114539776] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/of.php [Wed Feb 26 22:05:26.344204 2025] [:error] [pid 25450:tid 140664952030976] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/old_phpinfo.php [Wed Feb 26 22:05:28.772748 2025] [:error] [pid 25450:tid 140664893282048] [client 170.39.218.109:52838] [client 170.39.218.109] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/php.ini"] [unique_id "Z790CKr6FfN-nbLTx0cJQQAAAJU"] [Wed Feb 26 22:05:31.332187 2025] [:error] [pid 25450:tid 140665106147072] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/php.php [Wed Feb 26 22:05:33.816033 2025] [:error] [pid 25450:tid 140664868103936] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/php_info.php [Wed Feb 26 22:05:36.207385 2025] [:error] [pid 25450:tid 140665131325184] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/php1.php [Wed Feb 26 22:05:45.819000 2025] [:error] [pid 25450:tid 140664985601792] [client 170.39.218.109:52838] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo.php4 [Wed Feb 26 22:06:24.505572 2025] [:error] [pid 26667:tid 140665010779904] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfodev.php [Wed Feb 26 22:06:26.091938 2025] [:error] [pid 26667:tid 140664910067456] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfos.php [Wed Feb 26 22:06:29.295603 2025] [:error] [pid 26667:tid 140664985601792] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/phpsysinfo.php [Wed Feb 26 22:06:34.864678 2025] [:error] [pid 26667:tid 140664943638272] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/phptest.php [Wed Feb 26 22:06:36.241961 2025] [:error] [pid 26667:tid 140664893282048] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/phpversion.php [Wed Feb 26 22:06:37.584677 2025] [:error] [pid 26667:tid 140664884889344] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/pinfo.php [Wed Feb 26 22:06:39.002098 2025] [:error] [pid 26667:tid 140664918460160] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/rest.php [Wed Feb 26 22:06:42.713103 2025] [:error] [pid 26667:tid 140664901674752] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/temp.php [Wed Feb 26 22:06:44.852629 2025] [:error] [pid 26667:tid 140664960423680] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/test_info.php [Wed Feb 26 22:06:47.051546 2025] [:error] [pid 26667:tid 140665097754368] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/test_info1.php [Wed Feb 26 22:06:49.131211 2025] [:error] [pid 26667:tid 140665131325184] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/test_info2.php [Wed Feb 26 22:06:51.417587 2025] [:error] [pid 26667:tid 140665114539776] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/test_info3.php [Wed Feb 26 22:06:53.203765 2025] [:error] [pid 26667:tid 140665002387200] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/test_info4.php [Wed Feb 26 22:06:55.087988 2025] [:error] [pid 26667:tid 140664868103936] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/test_info5.php [Wed Feb 26 22:06:56.927381 2025] [:error] [pid 26667:tid 140664910067456] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/test_phpinfo.php [Wed Feb 26 22:06:58.622450 2025] [:error] [pid 26667:tid 140664985601792] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/test_phpinfo1.php [Wed Feb 26 22:07:00.350609 2025] [:error] [pid 26667:tid 140664952030976] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/test_phpinfo2.php [Wed Feb 26 22:07:02.084605 2025] [:error] [pid 26667:tid 140664943638272] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/test_phpinfo3.php [Wed Feb 26 22:07:03.682996 2025] [:error] [pid 26667:tid 140664884889344] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/test_phpinfo4.php [Wed Feb 26 22:07:05.577780 2025] [:error] [pid 26667:tid 140664926852864] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/test_phpinfo5.php [Wed Feb 26 22:07:07.699990 2025] [:error] [pid 26667:tid 140664968816384] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/test0.php [Wed Feb 26 22:07:09.589077 2025] [:error] [pid 26667:tid 140664960423680] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/test1.php [Wed Feb 26 22:07:11.301457 2025] [:error] [pid 26667:tid 140665097754368] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/test123.php [Wed Feb 26 22:07:13.100568 2025] [:error] [pid 26667:tid 140665131325184] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/test2.php [Wed Feb 26 22:07:18.047615 2025] [:error] [pid 26667:tid 140665002387200] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/test3.php [Wed Feb 26 22:07:19.550776 2025] [:error] [pid 26667:tid 140664868103936] [client 170.39.218.109:37574] File does not exist: /home/id/crm-dev.dev-unit.com/test4.php [Wed Feb 26 22:07:33.917020 2025] [:error] [pid 25449:tid 140664884889344] [client 170.39.218.109:50908] File does not exist: /home/id/crm-dev.dev-unit.com/test6.php [Wed Feb 26 22:07:35.848374 2025] [:error] [pid 25449:tid 140664876496640] [client 170.39.218.109:50908] File does not exist: /home/id/crm-dev.dev-unit.com/test7.php [Wed Feb 26 22:07:37.562865 2025] [:error] [pid 25449:tid 140664868103936] [client 170.39.218.109:50908] File does not exist: /home/id/crm-dev.dev-unit.com/test8.php [Wed Feb 26 22:07:40.008581 2025] [:error] [pid 25449:tid 140665002387200] [client 170.39.218.109:50908] File does not exist: /home/id/crm-dev.dev-unit.com/test9.php [Wed Feb 26 22:07:41.845672 2025] [:error] [pid 25449:tid 140665131325184] [client 170.39.218.109:50908] File does not exist: /home/id/crm-dev.dev-unit.com/tester.php [Wed Feb 26 22:07:44.032802 2025] [:error] [pid 25449:tid 140665106147072] [client 170.39.218.109:50908] File does not exist: /home/id/crm-dev.dev-unit.com/testing.php [Wed Feb 26 22:07:45.969481 2025] [:error] [pid 25449:tid 140664985601792] [client 170.39.218.109:50908] File does not exist: /home/id/crm-dev.dev-unit.com/time.php [Wed Feb 26 22:07:47.100899 2025] [:error] [pid 25449:tid 140664935245568] [client 170.39.218.109:50908] File does not exist: /home/id/crm-dev.dev-unit.com/token.php [Wed Feb 26 22:07:47.422403 2025] [:error] [pid 25449:tid 140665010779904] [client 170.39.218.109:50908] File does not exist: /home/id/crm-dev.dev-unit.com/tz.php [Wed Feb 26 22:07:48.863646 2025] [:error] [pid 25449:tid 140664901674752] [client 170.39.218.109:50908] File does not exist: /home/id/crm-dev.dev-unit.com/up.php [Fri Feb 28 15:02:31.645908 2025] [:error] [pid 11889:tid 139758932043520] [client 45.148.10.140:12592] File does not exist: /home/id/crm-dev.dev-unit.com/php_info.php [Fri Feb 28 15:02:31.647701 2025] [:error] [pid 11778:tid 139758848116480] [client 45.148.10.140:12582] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo.php [Tue Apr 15 20:25:22.045746 2025] [:error] [pid 7712:tid 140215809656576] [client 65.109.39.184:52553] File does not exist: /home/id/crm-dev.dev-unit.com/xmlrpc.php [Mon Apr 21 06:31:19.784938 2025] [:error] [pid 1714:tid 140580772304640] [client 138.124.19.29:59236] [client 138.124.19.29] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "280"] [id "960011"] [rev "1"] [msg "GET or HEAD Request with Body Content."] [data "1953"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "crm-dev.dev-unit.com"] [uri "/.env"] [unique_id "aAXKF0X1GPS5QXW-L9CbPwAAAJc"] [Fri May 16 14:45:00.358977 2025] [:error] [pid 6521:tid 140406423475968] [client 216.81.248.13:53068] [client 216.81.248.13] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/s3cmd.ini"] [unique_id "aCclPNb9TtOto3tLCrKvnQAAAJM"] [Tue May 20 06:38:22.587645 2025] [:error] [pid 13460:tid 140037890897664] [client 20.171.207.44:52178] [client 20.171.207.44] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:user_agent. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:user_agent: Amazon-Route53-Health-Check-Service (ref 8fccc160-3d87-4e8b-867b-ab1f416f01e8; report http://amzn.to/1vsZADi)"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "crm-dev.dev-unit.com"] [uri "/"] [unique_id "aCv5LqqwNs2Ip-hwdQyUSQAAAMM"] [Tue May 20 11:12:36.293099 2025] [:error] [pid 18937:tid 140037769373440] [client 44.243.204.103:55074] File does not exist: /home/id/crm-dev.dev-unit.com/xmlrpc.php [Sun May 25 18:11:11.159398 2025] [:error] [pid 29215:tid 139900162598656] [client 93.123.109.81:58478] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo.php [Sun May 25 18:11:11.567003 2025] [:error] [pid 29215:tid 139900288489216] [client 93.123.109.81:58512] File does not exist: /home/id/crm-dev.dev-unit.com/php_info.php [Thu May 29 21:52:13.331651 2025] [:error] [pid 17036:tid 140614251235072] [client 146.70.194.220:58228] File does not exist: /home/id/crm-dev.dev-unit.com/xmlrpc.php [Mon Jun 09 01:03:52.600417 2025] [:error] [pid 25102:tid 140064688420608] [client 212.102.33.212:25184] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo.php [Mon Jun 09 01:03:53.374615 2025] [:error] [pid 25100:tid 140064804353792] [client 212.102.33.212:25007] File does not exist: /home/id/crm-dev.dev-unit.com/test.php [Mon Jun 09 01:03:57.130725 2025] [:error] [pid 25193:tid 140064688420608] [client 212.102.33.212:25023] File does not exist: /home/id/crm-dev.dev-unit.com/index.php [Thu Jun 19 12:31:36.216535 2025] [authz_core:error] [pid 12464:tid 139735687165696] [client 188.166.108.93:55122] AH01630: client denied by server configuration: /home/id/crm-dev.dev-unit.com/server-status [Thu Jun 19 12:31:36.407846 2025] [authz_core:error] [pid 12464:tid 139735901353728] [client 206.81.24.227:45138] AH01630: client denied by server configuration: /home/id/crm-dev.dev-unit.com/server-status [Thu Jun 19 12:31:36.416441 2025] [:error] [pid 12637:tid 139735703951104] [client 188.166.108.93:55200] File does not exist: /home/id/crm-dev.dev-unit.com/info.php [Thu Jun 19 12:31:36.986979 2025] [:error] [pid 12637:tid 139735771092736] [client 206.81.24.227:45198] File does not exist: /home/id/crm-dev.dev-unit.com/info.php [Thu Jun 19 12:31:37.366694 2025] [authz_core:error] [pid 12637:tid 139735678772992] [client 64.226.65.160:39690] AH01630: client denied by server configuration: /home/id/crm-dev.dev-unit.com/server-status [Thu Jun 19 12:31:37.400276 2025] [authz_core:error] [pid 12637:tid 139735670380288] [client 159.89.12.166:59402] AH01630: client denied by server configuration: /home/id/crm-dev.dev-unit.com/server-status [Thu Jun 19 12:31:37.946677 2025] [:error] [pid 12464:tid 139735762700032] [client 159.89.12.166:59500] File does not exist: /home/id/crm-dev.dev-unit.com/info.php [Thu Jun 19 12:31:37.949896 2025] [:error] [pid 12637:tid 139735909746432] [client 64.226.65.160:39742] File does not exist: /home/id/crm-dev.dev-unit.com/info.php [Sat Jun 21 21:29:19.730931 2025] [:error] [pid 20833:tid 139774467761920] [client 93.123.109.81:58836] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo.php [Sat Jun 21 21:29:20.122561 2025] [:error] [pid 5610:tid 139774425798400] [client 93.123.109.81:58876] File does not exist: /home/id/crm-dev.dev-unit.com/php_info.php [Sun Jun 22 02:49:28.314519 2025] [:error] [pid 5610:tid 139774392227584] [client 185.177.72.111:37170] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo.php [Sun Jun 22 02:49:28.327056 2025] [:error] [pid 5610:tid 139774283122432] [client 185.177.72.111:37170] File does not exist: /home/id/crm-dev.dev-unit.com/info.php [Sun Jun 22 03:22:53.352637 2025] [:error] [pid 20833:tid 139774417405696] [client 66.115.181.151:31106] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo.php [Sun Jun 22 03:22:53.622810 2025] [:error] [pid 5714:tid 139774375442176] [client 66.115.181.151:31166] File does not exist: /home/id/crm-dev.dev-unit.com/test.php [Sun Jun 22 03:22:54.664623 2025] [:error] [pid 5714:tid 139774333478656] [client 66.115.181.151:31018] File does not exist: /home/id/crm-dev.dev-unit.com/index.php [Sun Jun 22 04:58:23.750766 2025] [:error] [pid 28112:tid 140286541899520] [client 13.208.152.44:56442] [client 13.208.152.44] ModSecurity: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "428"] [id "958291"] [rev "2"] [msg "Range: field exists and begins with 0."] [data "bytes=0-4000"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "6"] [accuracy "8"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "crm-dev.dev-unit.com"] [uri "/.env"] [unique_id "aFdjPywPtxHYZx_tFklsKwAAAJM"] [Mon Jun 23 19:24:25.840077 2025] [:error] [pid 362:tid 140151577581312] [client 129.146.4.238:52817] [client 129.146.4.238] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:fb_sessiontraffic. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: & found within REQUEST_COOKIES:fb_sessiontraffic: S_TOUCH=&pathway=52ed32c3-5be7-42fe-8adc-5c41880050a7&V_DATE=&pc=0"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "crm-dev.dev-unit.com"] [uri "/"] [unique_id "aFl_uSql_0CBMEwOGugKfwAAAQ4"], referer: https://crew.water.blog//blog//wp-login.php [Wed Jun 25 02:57:20.142268 2025] [:error] [pid 19277:tid 140539461113600] [client 85.204.70.118:45192] File does not exist: /home/id/crm-dev.dev-unit.com/xmlrpc.php [Thu Jun 26 02:04:35.526029 2025] [:error] [pid 13137:tid 140483212404480] [client 91.199.118.49:58906] File does not exist: /home/id/crm-dev.dev-unit.com/xmlrpc.php [Thu Jun 26 12:06:23.599173 2025] [:error] [pid 1660:tid 139753085146880] [client 129.146.4.238:64178] [client 129.146.4.238] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:fb_sessiontraffic. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: & found within REQUEST_COOKIES:fb_sessiontraffic: S_TOUCH=&pathway=565f19b4-f93a-4a3d-b1c4-b1ecdd503648&V_DATE=&pc=0"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "crm-dev.dev-unit.com"] [uri "/"] [unique_id "aF0Nj2RTgq77UPCKnQi0hgAAANM"], referer: https://crescentcitypizza.com//wp-login.php [Thu Jun 26 20:36:47.800869 2025] [:error] [pid 12166:tid 139753101932288] [client 185.177.72.104:46244] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/.backup"] [unique_id "aF2FL5H1ntiuN3Bjwtq4bwAAABE"] [Thu Jun 26 20:36:47.841775 2025] [:error] [pid 12166:tid 139753118717696] [client 185.177.72.104:46244] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/.backup/db.sql"] [unique_id "aF2FL5H1ntiuN3Bjwtq4dwAAAA8"] [Thu Jun 26 20:36:47.851093 2025] [:error] [pid 12166:tid 139753169073920] [client 185.177.72.104:46244] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/.backup/mysql.sql"] [unique_id "aF2FL5H1ntiuN3Bjwtq4eQAAAAk"] [Thu Jun 26 20:36:48.754309 2025] [:error] [pid 12166:tid 139753093539584] [client 185.177.72.104:46244] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/.git/config.bak"] [unique_id "aF2FMJH1ntiuN3Bjwtq5IQAAABI"] [Thu Jun 26 20:36:48.766059 2025] [:error] [pid 12166:tid 139753118717696] [client 185.177.72.104:46244] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/.git/config.old"] [unique_id "aF2FMJH1ntiuN3Bjwtq5JAAAAA8"] [Thu Jun 26 20:36:48.783923 2025] [:error] [pid 12166:tid 139753202644736] [client 185.177.72.104:46244] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/.git/db.sql"] [unique_id "aF2FMJH1ntiuN3Bjwtq5LQAAAAU"] [Thu Jun 26 20:36:48.801064 2025] [:error] [pid 12166:tid 139753093539584] [client 185.177.72.104:46244] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/.git/dump.sql"] [unique_id "aF2FMJH1ntiuN3Bjwtq5NAAAABI"] [Thu Jun 26 20:36:49.084992 2025] [authz_core:error] [pid 12111:tid 139753185859328] [client 185.177.72.104:46544] AH01630: client denied by server configuration: /home/id/crm-dev.dev-unit.com/.htaccess [Thu Jun 26 20:36:49.165988 2025] [authz_core:error] [pid 12111:tid 139753143895808] [client 185.177.72.104:46544] AH01630: client denied by server configuration: /home/id/crm-dev.dev-unit.com/.htpasswd [Thu Jun 26 20:36:50.084731 2025] [:error] [pid 12111:tid 139753298528000] [client 185.177.72.104:46544] File does not exist: /home/id/crm-dev.dev-unit.com/_phpinfo.php [Thu Jun 26 20:36:50.136748 2025] [:error] [pid 12111:tid 139753135503104] [client 185.177.72.104:46544] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/access.log"] [unique_id "aF2FMrrOFD-qifZ1rFWM6AAAAM0"] [Thu Jun 26 20:36:50.726695 2025] [:error] [pid 12111:tid 139753076754176] [client 185.177.72.104:46544] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/admin/access.log"] [unique_id "aF2FMrrOFD-qifZ1rFWNLAAAANQ"] [Thu Jun 26 20:36:50.770194 2025] [:error] [pid 12111:tid 139753118717696] [client 185.177.72.104:46544] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/admin/backup.sql"] [unique_id "aF2FMrrOFD-qifZ1rFWNPAAAAM8"] [Thu Jun 26 20:36:51.107209 2025] [:error] [pid 12042:tid 139753143895808] [client 185.177.72.104:2796] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/admin/db.sql"] [unique_id "aF2FM1gAGu36XRkxtWM1zwAAAEw"] [Thu Jun 26 20:36:51.171640 2025] [:error] [pid 12042:tid 139753101932288] [client 185.177.72.104:2796] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/admin/debug.log"] [unique_id "aF2FM1gAGu36XRkxtWM12AAAAFE"] [Thu Jun 26 20:36:51.204622 2025] [:error] [pid 12042:tid 139753068361472] [client 185.177.72.104:2796] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "crm-dev.dev-unit.com"] [uri "/admin/debug"] [unique_id "aF2FM1gAGu36XRkxtWM13AAAAFU"] [Thu Jun 26 20:36:51.226272 2025] [:error] [pid 12042:tid 139753290135296] [client 185.177.72.104:2796] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/admin/dump.sql"] [unique_id "aF2FM1gAGu36XRkxtWM13gAAAEM"] [Thu Jun 26 20:36:51.266624 2025] [:error] [pid 12042:tid 139753152288512] [client 185.177.72.104:2796] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/admin/error.log"] [unique_id "aF2FM1gAGu36XRkxtWM15wAAAEs"] [Thu Jun 26 20:36:51.352824 2025] [:error] [pid 12042:tid 139753076754176] [client 185.177.72.104:2796] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/admin/logs/error.log"] [unique_id "aF2FM1gAGu36XRkxtWM1-wAAAFQ"] [Sat Jun 28 22:12:26.726168 2025] [:error] [pid 13788:tid 140644223751936] [client 185.177.72.201:16208] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo.php3 [Sat Jun 28 22:12:26.757837 2025] [:error] [pid 13788:tid 140644198573824] [client 185.177.72.201:16208] File does not exist: /home/id/crm-dev.dev-unit.com/inf.php [Sat Jun 28 22:12:26.782877 2025] [:error] [pid 13788:tid 140644257322752] [client 185.177.72.201:16208] File does not exist: /home/id/crm-dev.dev-unit.com/test.php [Sat Jun 28 22:12:26.791311 2025] [:error] [pid 13788:tid 140644290893568] [client 185.177.72.201:16208] File does not exist: /home/id/crm-dev.dev-unit.com/info1.php [Sat Jun 28 22:12:26.830871 2025] [:error] [pid 13788:tid 140644282500864] [client 185.177.72.201:16208] File does not exist: /home/id/crm-dev.dev-unit.com/.env.php [Sat Jun 28 22:12:26.870653 2025] [:error] [pid 13788:tid 140644274108160] [client 185.177.72.201:16208] File does not exist: /home/id/crm-dev.dev-unit.com/wp-config.php.2 [Sat Jun 28 22:12:26.877150 2025] [:error] [pid 13788:tid 140644190181120] [client 185.177.72.201:16208] File does not exist: /home/id/crm-dev.dev-unit.com/wp-config.php.8 [Sat Jun 28 22:12:26.883481 2025] [:error] [pid 13788:tid 140644215359232] [client 185.177.72.201:16208] File does not exist: /home/id/crm-dev.dev-unit.com/i.php [Sat Jun 28 22:12:26.952583 2025] [:error] [pid 13788:tid 140644290893568] [client 185.177.72.201:16208] File does not exist: /home/id/crm-dev.dev-unit.com/p.php [Sat Jun 28 22:12:27.013411 2025] [:error] [pid 13788:tid 140644316071680] [client 185.177.72.201:16208] File does not exist: /home/id/crm-dev.dev-unit.com/test4.php [Sat Jun 28 22:12:27.044899 2025] [:error] [pid 13788:tid 140644156610304] [client 185.177.72.201:16208] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo3.php [Sat Jun 28 22:12:27.109180 2025] [:error] [pid 13788:tid 140644173395712] [client 185.177.72.201:16208] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/wp-config.backup"] [unique_id "aGA-m79E6jgHndxue8ahLwAAAJU"] [Sat Jun 28 22:12:27.169589 2025] [:error] [pid 13788:tid 140644198573824] [client 185.177.72.201:16208] File does not exist: /home/id/crm-dev.dev-unit.com/linusadmin-phpinfo.php [Sat Jun 28 22:12:31.075396 2025] [:error] [pid 13788:tid 140644165003008] [client 185.177.72.201:16208] File does not exist: /home/id/crm-dev.dev-unit.com/info2.php [Sat Jun 28 22:12:31.757932 2025] [:error] [pid 13886:tid 140644173395712] [client 185.177.72.201:62990] File does not exist: /home/id/crm-dev.dev-unit.com/index.php [Sat Jun 28 22:12:36.070048 2025] [:error] [pid 13886:tid 140644257322752] [client 185.177.72.201:62990] File does not exist: /home/id/crm-dev.dev-unit.com/test_info.php [Sat Jun 28 22:12:36.082526 2025] [:error] [pid 13886:tid 140644341249792] [client 185.177.72.201:62990] File does not exist: /home/id/crm-dev.dev-unit.com/php_info.php [Sat Jun 28 22:12:36.139345 2025] [:error] [pid 13886:tid 140644248930048] [client 185.177.72.201:62990] File does not exist: /home/id/crm-dev.dev-unit.com/info.php [Sat Jun 28 22:12:36.236442 2025] [:error] [pid 13886:tid 140644316071680] [client 185.177.72.201:62990] File does not exist: /home/id/crm-dev.dev-unit.com/_phpinfo.php [Sat Jun 28 22:12:36.293186 2025] [:error] [pid 13886:tid 140644206966528] [client 185.177.72.201:62990] File does not exist: /home/id/crm-dev.dev-unit.com/wp-config.php.staging [Sat Jun 28 22:12:36.330854 2025] [:error] [pid 13886:tid 140644265715456] [client 185.177.72.201:62990] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/var/log/nginx/error.log"] [unique_id "aGA-pLzKvJgeEDDHi4AI_wAAAMo"] [Sat Jun 28 22:12:36.404848 2025] [:error] [pid 13886:tid 140644198573824] [client 185.177.72.201:62990] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo.php [Sat Jun 28 22:12:36.518532 2025] [:error] [pid 13886:tid 140644316071680] [client 185.177.72.201:62990] File does not exist: /home/id/crm-dev.dev-unit.com/app_dev.php [Sat Jun 28 22:12:36.531467 2025] [:error] [pid 13886:tid 140644332857088] [client 185.177.72.201:62990] File does not exist: /home/id/crm-dev.dev-unit.com/developer.php [Sat Jun 28 22:12:36.575190 2025] [:error] [pid 13886:tid 140644248930048] [client 185.177.72.201:62990] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo2.php [Sat Jun 28 22:12:36.619468 2025] [:error] [pid 13886:tid 140644173395712] [client 185.177.72.201:62990] File does not exist: /home/id/crm-dev.dev-unit.com/wp-config.php.csproj [Sat Jun 28 22:12:38.226304 2025] [:error] [pid 13788:tid 140644324464384] [client 185.177.72.201:60940] File does not exist: /home/id/crm-dev.dev-unit.com/test_info2.php [Sat Jun 28 22:12:38.242825 2025] [:error] [pid 13788:tid 140644181788416] [client 185.177.72.201:60940] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/redis-*.conf"] [unique_id "aGA-pr9E6jgHndxue8ahmQAAAJQ"] [Sat Jun 28 22:12:38.364153 2025] [:error] [pid 13788:tid 140644190181120] [client 185.177.72.201:60940] File does not exist: /home/id/crm-dev.dev-unit.com/dev.php [Sat Jun 28 22:12:38.517796 2025] [:error] [pid 13788:tid 140644422104832] [client 185.177.72.201:60940] File does not exist: /home/id/crm-dev.dev-unit.com/dep.php [Sat Jun 28 22:12:42.967906 2025] [:error] [pid 13788:tid 140644299286272] [client 185.177.72.201:60940] File does not exist: /home/id/crm-dev.dev-unit.com/info.php [Sat Jun 28 22:12:43.074510 2025] [:error] [pid 13788:tid 140644257322752] [client 185.177.72.201:60940] File does not exist: /home/id/crm-dev.dev-unit.com/test_phpinfo3.php [Sat Jun 28 22:12:43.086779 2025] [:error] [pid 13788:tid 140644324464384] [client 185.177.72.201:60940] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/wp-config.bak"] [unique_id "aGA-q79E6jgHndxue8ah9AAAAIM"] [Sat Jun 28 22:12:44.761273 2025] [:error] [pid 13074:tid 140644240537344] [client 185.177.72.201:60948] File does not exist: /home/id/crm-dev.dev-unit.com/wp-config.php.sample [Sat Jun 28 22:12:44.870979 2025] [:error] [pid 13074:tid 140644198573824] [client 185.177.72.201:60948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".cfg"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/wp-config.cfg"] [unique_id "aGA-rIDvVlTiOq4qU_OwUgAAARI"] [Sat Jun 28 22:12:45.143738 2025] [:error] [pid 13074:tid 140644324464384] [client 185.177.72.201:60948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/var/log/cloud-init-output.log"] [unique_id "aGA-rYDvVlTiOq4qU_OwWwAAAQM"] [Sat Jun 28 22:12:52.713921 2025] [:error] [pid 13074:tid 140644282500864] [client 185.177.72.201:60948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/etc/named.conf"] [unique_id "aGA-tIDvVlTiOq4qU_OwmQAAAQg"] [Sun Jun 29 08:54:25.224846 2025] [:error] [pid 29331:tid 140563642824448] [client 185.177.72.106:58408] File does not exist: /home/id/crm-dev.dev-unit.com/_phpinfo.php [Sun Jun 29 08:54:26.884803 2025] [:error] [pid 29331:tid 140563651217152] [client 185.177.72.106:58408] File does not exist: /home/id/crm-dev.dev-unit.com/app_dev.php [Sun Jun 29 08:54:28.046056 2025] [:error] [pid 29331:tid 140563542112000] [client 185.177.72.106:58408] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/env.backup"] [unique_id "aGDVFHYyGnwcPpPuQvPoZwAAANU"] [Sun Jun 29 08:54:28.135379 2025] [:error] [pid 29331:tid 140563784464128] [client 185.177.72.106:58408] File does not exist: /home/id/crm-dev.dev-unit.com/i.php [Sun Jun 29 08:54:28.162327 2025] [:error] [pid 29331:tid 140563550504704] [client 185.177.72.106:58408] File does not exist: /home/id/crm-dev.dev-unit.com/info.php [Sun Jun 29 08:54:29.728811 2025] [:error] [pid 29228:tid 140563542112000] [client 185.177.72.106:58438] File does not exist: /home/id/crm-dev.dev-unit.com/p.php [Sun Jun 29 08:54:29.747500 2025] [:error] [pid 29228:tid 140563516933888] [client 185.177.72.106:58438] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo.php [Sun Jun 29 08:54:29.851535 2025] [:error] [pid 29228:tid 140563626039040] [client 185.177.72.106:58438] File does not exist: /home/id/crm-dev.dev-unit.com/server-info.php [Sun Jun 29 08:54:29.922196 2025] [:error] [pid 29228:tid 140563767678720] [client 185.177.72.106:58438] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/storage/logs/laravel.log"] [unique_id "aGDVFQyTVPcD3hMZbVlPDQAAAIM"] [Sun Jun 29 08:54:29.972265 2025] [:error] [pid 29228:tid 140563542112000] [client 185.177.72.106:58438] File does not exist: /home/id/crm-dev.dev-unit.com/test.php [Sun Jun 29 08:54:29.988715 2025] [:error] [pid 29228:tid 140563609253632] [client 185.177.72.106:58438] File does not exist: /home/id/crm-dev.dev-unit.com/test_phpinfo.php [Sun Jun 29 08:54:31.713465 2025] [:error] [pid 29228:tid 140563784464128] [client 185.177.72.106:58438] File does not exist: /home/id/crm-dev.dev-unit.com/wp-config.php.bak [Sun Jun 29 08:54:31.787007 2025] [:error] [pid 29228:tid 140563792856832] [client 185.177.72.106:58438] File does not exist: /home/id/crm-dev.dev-unit.com/server_info.php [Tue Jul 08 09:34:44.861181 2025] [:error] [pid 22808:tid 140060133377792] [client 185.177.72.106:15830] File does not exist: /home/id/crm-dev.dev-unit.com/info.php [Tue Jul 08 09:34:44.941773 2025] [:error] [pid 22808:tid 140060141770496] [client 185.177.72.106:15830] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/env.backup"] [unique_id "aGy8BEHOlM1gGZYpYEC62AAAABE"] [Tue Jul 08 09:34:44.956428 2025] [:error] [pid 22808:tid 140060108199680] [client 185.177.72.106:15830] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo.php [Tue Jul 08 09:34:45.349506 2025] [:error] [pid 22808:tid 140060339066624] [client 185.177.72.106:15830] File does not exist: /home/id/crm-dev.dev-unit.com/server-info.php [Tue Jul 08 09:34:47.234317 2025] [:error] [pid 22808:tid 140060099806976] [client 185.177.72.106:15830] File does not exist: /home/id/crm-dev.dev-unit.com/wp-config.php.bak [Tue Jul 08 09:34:47.271738 2025] [:error] [pid 22808:tid 140060091414272] [client 185.177.72.106:15830] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/logs/aws/ses.log"] [unique_id "aGy8B0HOlM1gGZYpYEC69AAAABc"] [Fri Jul 11 09:54:19.824581 2025] [:error] [pid 21636:tid 140455471695616] [client 143.244.57.86:58554] File does not exist: /home/id/crm-dev.dev-unit.com/xmlrpc.php [Fri Jul 11 11:10:43.154047 2025] [:error] [pid 21636:tid 140455547229952] [client 45.148.10.249:58312] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo.php [Fri Jul 11 11:10:43.549420 2025] [:error] [pid 21552:tid 140455379375872] [client 45.148.10.249:58352] File does not exist: /home/id/crm-dev.dev-unit.com/php_info.php [Sun Jul 13 10:07:47.142782 2025] [:error] [pid 9105:tid 140707373160192] [client 152.42.205.170:37260] [client 152.42.205.170] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "crm-dev.dev-unit.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aHNbQ0XB1tuTeIpGoTX4rwAAAJc"] [Mon Jul 14 02:16:24.646828 2025] [:error] [pid 15450:tid 140707541014272] [client 143.198.193.186:56629] File does not exist: /home/id/crm-dev.dev-unit.com/xmlrpc.php [Tue Jul 22 04:02:07.368772 2025] [:error] [pid 14355:tid 140059210671872] [client 85.204.70.114:40664] File does not exist: /home/id/crm-dev.dev-unit.com/xmlrpc.php [Thu Jul 24 08:32:32.379503 2025] [:error] [pid 16286:tid 140005666125568] [client 13.229.76.37:53808] File does not exist: /home/id/crm-dev.dev-unit.com/xmlrpc.php [Fri Jul 25 03:01:14.622348 2025] [:error] [pid 18525:tid 140005758445312] [client 213.209.143.116:43746] File does not exist: /home/id/crm-dev.dev-unit.com/config.php [Fri Jul 25 03:01:14.803143 2025] [:error] [pid 16286:tid 140005699696384] [client 213.209.143.116:43774] [client 213.209.143.116] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/backup.sql"] [unique_id "aILJShhZA3Vtfz2VyDngwAAAAMw"] [Fri Jul 25 03:01:14.901693 2025] [:error] [pid 18525:tid 140005691303680] [client 213.209.143.116:43776] [client 213.209.143.116] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/site.bak"] [unique_id "aILJSmZn_vmS78MniOk6OAAAAQ0"] [Tue Jul 29 03:06:42.647434 2025] [:error] [pid 31395:tid 139849713518336] [client 185.177.72.13:50548] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo.php [Tue Jul 29 03:06:42.664071 2025] [:error] [pid 31395:tid 139849696732928] [client 185.177.72.13:50548] File does not exist: /home/id/crm-dev.dev-unit.com/info.php [Thu Jul 31 12:52:43.687647 2025] [:error] [pid 31126:tid 140191272457984] [client 198.144.182.13:47170] PHP Warning: Undefined variable $tmp in /home/id/crm-dev.dev-unit.com/defauit.php on line 33, referer: https://www.google.com [Thu Jul 31 16:19:40.733664 2025] [:error] [pid 5230:tid 140191398348544] [client 156.146.36.113:22025] File does not exist: /home/id/crm-dev.dev-unit.com/phpinfo.php [Thu Jul 31 16:19:40.947985 2025] [:error] [pid 31039:tid 140191230494464] [client 156.146.36.113:22192] File does not exist: /home/id/crm-dev.dev-unit.com/test.php [Thu Jul 31 16:19:41.630289 2025] [:error] [pid 31037:tid 140191339599616] [client 156.146.36.113:22191] [client 156.146.36.113] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/db.sql"] [unique_id "aIttbeihasmBcF_8Y7qtbgAAAAs"] [Thu Jul 31 16:19:41.911079 2025] [:error] [pid 5230:tid 140191381563136] [client 156.146.36.113:22161] [client 156.146.36.113] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/dump.sql"] [unique_id "aIttbVrswo1h4vUzIOocqAAAAQY"] [Thu Jul 31 16:19:42.163761 2025] [:error] [pid 31039:tid 140191423526656] [client 156.146.36.113:22097] [client 156.146.36.113] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/database.sql"] [unique_id "aIttbkbn_dOKMeyN0fORngAAAIE"] [Thu Jul 31 16:19:42.419703 2025] [:error] [pid 5230:tid 140191230494464] [client 156.146.36.113:22029] [client 156.146.36.113] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/backup.sql"] [unique_id "aIttblrswo1h4vUzIOoctwAAARg"] [Thu Jul 31 16:19:42.719616 2025] [:error] [pid 31126:tid 140191389955840] [client 156.146.36.113:22157] [client 156.146.36.113] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "crm-dev.dev-unit.com"] [uri "/config/db.sql"] [unique_id "aIttblwsynYxzR0cufxZwAAAAMU"] [Sat Aug 02 11:50:56.703881 2025] [:error] [pid 29714:tid 140178358925056] [client 52.77.233.88:52954] File does not exist: /home/id/crm-dev.dev-unit.com/xmlrpc.php