View File Name :
dalily-2.dev-unit.com.error.log
[Tue Jun 10 00:18:16.593349 2025] [authz_core:error] [pid 20367:tid 139986212947712] [client 164.90.208.56:51112] AH01630: client denied by server configuration: /home/id/dalily-2.dev-unit.com/server-status
[Tue Jun 10 00:18:17.281836 2025] [:error] [pid 20367:tid 139986322052864] [client 164.90.208.56:51184] File does not exist: /home/id/dalily-2.dev-unit.com/info.php
[Tue Jun 10 00:18:17.783898 2025] [authz_core:error] [pid 20367:tid 139986246518528] [client 164.90.208.56:50508] AH01630: client denied by server configuration: /home/id/dalily-2.dev-unit.com/server-status
[Tue Jun 10 00:18:18.390937 2025] [:error] [pid 20334:tid 139986271696640] [client 164.90.208.56:50578] File does not exist: /home/id/dalily-2.dev-unit.com/info.php
[Tue Jun 10 16:50:18.109282 2025] [:error] [pid 12082:tid 140121630209792] [client 109.202.99.41:28561] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "dalily-2.dev-unit.com"] [uri "/web.config"] [unique_id "aEg4GiRuHu_g2xNQPIKqCQAAABg"]
[Tue Jun 10 16:50:18.117119 2025] [:error] [pid 12082:tid 140121823241984] [client 109.202.99.41:51231] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "dalily-2.dev-unit.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aEg4GiRuHu_g2xNQPIKqCwAAAAE"]
[Tue Jun 10 16:50:18.119757 2025] [:error] [pid 12082:tid 140121705744128] [client 109.202.99.41:60823] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "dalily-2.dev-unit.com"] [uri "/etc/ssl/private/server.key"] [unique_id "aEg4GiRuHu_g2xNQPIKqDAAAAA8"]
[Tue Jun 10 16:50:18.119913 2025] [:error] [pid 12082:tid 140121655387904] [client 109.202.99.41:59275] File does not exist: /home/id/dalily-2.dev-unit.com/phpinfo.php
[Tue Jun 10 16:50:18.127538 2025] [:error] [pid 12082:tid 140121722529536] [client 109.202.99.41:50057] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "dalily-2.dev-unit.com"] [uri "/server.key"] [unique_id "aEg4GiRuHu_g2xNQPIKqDgAAAA0"]
[Tue Jun 10 16:50:18.127639 2025] [:error] [pid 12019:tid 140121714136832] [client 109.202.99.41:6555] File does not exist: /home/id/dalily-2.dev-unit.com/config.php
[Tue Jun 10 16:50:18.138018 2025] [:error] [pid 12082:tid 140121672173312] [client 109.202.99.41:62993] File does not exist: /home/id/dalily-2.dev-unit.com/wp-config.php
[Tue Jun 10 16:50:18.142585 2025] [:error] [pid 12082:tid 140121638602496] [client 109.202.99.41:46779] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "dalily-2.dev-unit.com"] [uri "/database_backup.sql"] [unique_id "aEg4GiRuHu_g2xNQPIKqEAAAABc"]
[Tue Jun 10 16:50:18.145319 2025] [:error] [pid 12018:tid 140121714136832] [client 109.202.99.41:32961] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "dalily-2.dev-unit.com"] [uri "/.svn/wc.db"] [unique_id "aEg4GtlZNCL_weQs0Qpz0QAAAE4"]
[Tue Jun 10 16:50:18.163181 2025] [:error] [pid 12082:tid 140121688958720] [client 109.202.99.41:58715] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "dalily-2.dev-unit.com"] [uri "/database.sql"] [unique_id "aEg4GiRuHu_g2xNQPIKqEQAAABE"]
[Tue Jun 10 16:50:18.163466 2025] [:error] [pid 12018:tid 140121697351424] [client 109.202.99.41:50609] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "dalily-2.dev-unit.com"] [uri "/dump.sql"] [unique_id "aEg4GtlZNCL_weQs0Qpz1QAAAFA"]
[Tue Jun 10 16:50:18.181237 2025] [:error] [pid 12082:tid 140121781278464] [client 109.202.99.41:33851] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "dalily-2.dev-unit.com"] [uri "/backup.sql"] [unique_id "aEg4GiRuHu_g2xNQPIKqEgAAAAY"]
[Tue Jun 10 16:50:18.208490 2025] [authz_host:error] [pid 12018:tid 140121747707648] [client 109.202.99.41:56409] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name
[Tue Jun 10 16:50:18.208504 2025] [authz_core:error] [pid 12018:tid 140121747707648] [client 109.202.99.41:56409] AH01630: client denied by server configuration: /home/id/dalily-2.dev-unit.com/server-status
[Sat Jun 14 03:04:03.924974 2025] [:error] [pid 25703:tid 139743371179776] [client 94.74.164.121:57252] [client 94.74.164.121] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\\\\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\\\\.){2}(?:\\\\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)| ..." at REQUEST_URI. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_42_tight_security.conf"] [line "20"] [id "950103"] [rev "2"] [msg "Path Traversal Attack"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "7"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "dalily-2.dev-unit.com"] [uri "/pms"] [unique_id "aEy8c6ACnVsKjj4CPQxMAwAAAIU"]
[Sat Jun 14 03:06:17.417291 2025] [:error] [pid 10460:tid 139743287252736] [client 94.74.164.121:46812] File does not exist: /home/id/dalily-2.dev-unit.com/phpinfo.php
[Sat Jun 14 03:06:21.621952 2025] [:error] [pid 10460:tid 139743346001664] [client 94.74.164.121:46812] File does not exist: /home/id/dalily-2.dev-unit.com/info.php
[Sun Jun 15 12:11:56.746220 2025] [:error] [pid 32623:tid 140503798470400] [client 84.17.46.221:6766] File does not exist: /home/id/dalily-2.dev-unit.com/phpinfo.php
[Sun Jun 15 12:11:56.949377 2025] [:error] [pid 32499:tid 140503756506880] [client 84.17.46.221:6614] File does not exist: /home/id/dalily-2.dev-unit.com/test.php
[Sun Jun 15 12:11:57.781572 2025] [:error] [pid 32623:tid 140503722936064] [client 84.17.46.221:6606] File does not exist: /home/id/dalily-2.dev-unit.com/index.php
[Mon Jun 16 20:53:37.303328 2025] [:error] [pid 12841:tid 140083260757760] [client 129.146.4.238:55720] File does not exist: /home/id/dalily-2.dev-unit.com/xmlrpc.php, referer: https://dailyblackpoolnews.co.uk//wp-login.php