⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.101
Server IP:
178.33.27.10
Server:
Linux cpanel.dev-unit.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
Server Software:
Apache/2.4.62 (Unix) OpenSSL/1.0.2k-fips
PHP Version:
8.2.25
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
proc
/
self
/
root
/
usr
/
local
/
apache
/
domlogs
/
View File Name :
hegazy.mysuits.app.error.log
[Wed Nov 20 14:28:02.736549 2024] [authz_core:error] [pid 19605:tid 140712748422912] [client 64.226.78.121:57608] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/server-status [Wed Nov 20 14:28:03.314305 2024] [authz_core:error] [pid 19698:tid 140712532182784] [client 142.93.143.8:51348] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/server-status [Wed Nov 20 14:29:14.171309 2024] [autoindex:error] [pid 19604:tid 140712641287936] [client 195.211.77.140:60994] AH01276: Cannot serve directory /home/mysuits/hegazy.mysuits.app/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Wed Nov 20 15:07:24.731335 2024] [:error] [pid 19698:tid 140712790386432] [client 102.47.188.49:58710] [client 102.47.188.49] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75: {\\x22uuid\\x22:\\x221.70hfMXGnHHWlw422NGIF2Oho6PCjdvxIaBViv2JF15IihkRRtDvzRkE1kMxzQanoZ0fE8TczfGuNRTMij08qhBnAB6z2H9z0ymEzGuCjLGPthgghRkRr\\x22,\\x22version\\x22:3,\\x22domain\\x22:\\x22mysuits.app\\x22,\\x22ts\\x22:1731559738598}"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "hegazy.mysuits.app"] [uri "/"] [unique_id "Zz3fDAhP1xtHCdj7gbo3bwAAAMA"] [Wed Nov 20 15:07:24.977292 2024] [:error] [pid 19698:tid 140712773601024] [client 102.47.188.49:58710] [client 102.47.188.49] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75: {\\x22uuid\\x22:\\x221.70hfMXGnHHWlw422NGIF2Oho6PCjdvxIaBViv2JF15IihkRRtDvzRkE1kMxzQanoZ0fE8TczfGuNRTMij08qhBnAB6z2H9z0ymEzGuCjLGPthgghRkRr\\x22,\\x22version\\x22:3,\\x22domain\\x22:\\x22mysuits.app\\x22,\\x22ts\\x22:1731559738598}"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "hegazy.mysuits.app"] [uri "/favicon.ico"] [unique_id "Zz3fDAhP1xtHCdj7gbo3cAAAAMI"], referer: https://hegazy.mysuits.app/ [Wed Nov 20 15:21:49.175426 2024] [core:error] [pid 23688:tid 140712574146304] [client 102.47.188.49:59143] AH00037: Symbolic link not allowed or link target not accessible: /home/mysuits/hegazy.mysuits.app/public/storage, referer: https://hegazy.mysuits.app/ar [Wed Nov 20 15:22:48.180234 2024] [core:error] [pid 23688:tid 140712557360896] [client 102.47.188.49:59150] AH00037: Symbolic link not allowed or link target not accessible: /home/mysuits/hegazy.mysuits.app/public/storage, referer: https://hegazy.mysuits.app/ar [Wed Nov 20 15:26:12.505915 2024] [core:error] [pid 23688:tid 140712565753600] [client 41.237.200.22:1971] AH00037: Symbolic link not allowed or link target not accessible: /home/mysuits/hegazy.mysuits.app/public/storage, referer: https://hegazy.mysuits.app/admin/settings/update/general [Wed Nov 27 15:07:09.980445 2024] [autoindex:error] [pid 1176:tid 140381576410880] [client 197.46.117.93:40934] AH01276: Cannot serve directory /home/mysuits/hegazy.mysuits.app/public/storage/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Wed Nov 27 15:09:27.950983 2024] [autoindex:error] [pid 1176:tid 140381693908736] [client 197.46.117.93:53508] AH01276: Cannot serve directory /home/mysuits/hegazy.mysuits.app/public/storage/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Wed Nov 27 15:12:55.627806 2024] [autoindex:error] [pid 31947:tid 140381821507328] [client 197.46.117.93:57752] AH01276: Cannot serve directory /home/mysuits/hegazy.mysuits.app/public/storage/: No matching DirectoryIndex (index.php,index.html.var,index.htm,index.html,index.shtml,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.phtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html) found, and server-generated directory index forbidden by Options directive [Sun Dec 08 16:57:20.717069 2024] [:error] [pid 19119:tid 139647933949696] [client 156.204.103.52:3143] From github.com:mo-abouabda/my-suits-egypt, referer: https://hegazy.mysuits.app/admin/settings/upgrade-version [Sun Dec 08 16:57:20.717128 2024] [:error] [pid 19119:tid 139647933949696] [client 156.204.103.52:3143] * branch main -> FETCH_HEAD, referer: https://hegazy.mysuits.app/admin/settings/upgrade-version [Sun Dec 08 16:57:20.744295 2024] [:error] [pid 19119:tid 139647933949696] [client 156.204.103.52:3143] PHP Parse error: syntax error, unexpected 'class' (T_CLASS), expecting identifier (T_STRING) or variable (T_VARIABLE) or '{' or '$' in /home/mysuits/hegazy.mysuits.app/artisan on line 33, referer: https://hegazy.mysuits.app/admin/settings/upgrade-version [Sun Dec 15 09:30:36.153758 2024] [:error] [pid 31138:tid 139642106578688] [client 197.58.125.229:55477] [client 197.58.125.229] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75: {\\x22uuid\\x22:\\x221.70hfMXGnHHWlw422NGIF2Oho6PCjdvxIaBViv2JF15IihkRRtDvzRkE1kMxzQanoZ0fE8TczfGuNRTMij08qhBnAB6z2H9z0ymEzGuCjLGPthgghRkRr\\x22,\\x22version\\x22:3,\\x22domain\\x22:\\x22mysuits.app\\x22,\\x22ts\\x22:1731559738598}"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "hegazy.mysuits.app"] [uri "/"] [unique_id "Z16FnPM-9_8hCy5tYTObQgAAAEA"] [Sun Dec 15 09:30:36.311440 2024] [:error] [pid 31138:tid 139642089793280] [client 197.58.125.229:55477] [client 197.58.125.229] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75: {\\x22uuid\\x22:\\x221.70hfMXGnHHWlw422NGIF2Oho6PCjdvxIaBViv2JF15IihkRRtDvzRkE1kMxzQanoZ0fE8TczfGuNRTMij08qhBnAB6z2H9z0ymEzGuCjLGPthgghRkRr\\x22,\\x22version\\x22:3,\\x22domain\\x22:\\x22mysuits.app\\x22,\\x22ts\\x22:1731559738598}"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "hegazy.mysuits.app"] [uri "/favicon.ico"] [unique_id "Z16FnPM-9_8hCy5tYTObQwAAAEI"], referer: https://hegazy.mysuits.app/ [Sun Dec 22 22:40:15.887149 2024] [:error] [pid 11647:tid 139766758569728] [client 45.148.10.235:39266] [client 45.148.10.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:c(?:o(?:n(?:t(?:entsmartz|actbot/)|cealed defense|veracrawler)|mpatible(?: ;(?: msie|\\\\.)|-)|py(?:rightcheck|guard)|re-project/1.0)|h(?:ina(?: local browse 2\\\\.|claw)|e(?:rrypicker|esebot))|rescent internet toolpak)|w(?:e(?:b(?: (?:downloader|by ..." at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_35_bad_robots.conf"] [line "27"] [id "990012"] [rev "2"] [msg "Rogue web site crawler"] [data "EmailWolf"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/AUTOMATION/MALICIOUS"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "hegazy.mysuits.app"] [uri "/"] [unique_id "Z2h5LzD8onHQCgJu9l_fYQAAAFU"] [Thu Dec 26 13:25:19.560228 2024] [:error] [pid 12472:tid 139704560449280] [client 197.58.67.255:57517] [client 197.58.67.255] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75: {\\x22uuid\\x22:\\x221.70hfMXGnHHWlw422NGIF2Oho6PCjdvxIaBViv2JF15IihkRRtDvzRkE1kMxzQanoZ0fE8TczfGuNRTMij08qhBnAB6z2H9z0ymEzGuCjLGPthgghRkRr\\x22,\\x22version\\x22:3,\\x22domain\\x22:\\x22mysuits.app\\x22,\\x22ts\\x22:1731559738598}"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "hegazy.mysuits.app"] [uri "/admin"] [unique_id "Z209H2LrjUnVn6gKufn2nAAAAIA"] [Thu Dec 26 13:25:19.815589 2024] [:error] [pid 12472:tid 139704481609472] [client 197.58.67.255:57517] [client 197.58.67.255] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75: {\\x22uuid\\x22:\\x221.70hfMXGnHHWlw422NGIF2Oho6PCjdvxIaBViv2JF15IihkRRtDvzRkE1kMxzQanoZ0fE8TczfGuNRTMij08qhBnAB6z2H9z0ymEzGuCjLGPthgghRkRr\\x22,\\x22version\\x22:3,\\x22domain\\x22:\\x22mysuits.app\\x22,\\x22ts\\x22:1731559738598}"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "hegazy.mysuits.app"] [uri "/favicon.ico"] [unique_id "Z209H2LrjUnVn6gKufn2nQAAAIE"], referer: https://hegazy.mysuits.app/admin [Thu Dec 26 13:25:23.458369 2024] [:error] [pid 12472:tid 139704473216768] [client 197.58.67.255:57517] [client 197.58.67.255] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75: {\\x22uuid\\x22:\\x221.70hfMXGnHHWlw422NGIF2Oho6PCjdvxIaBViv2JF15IihkRRtDvzRkE1kMxzQanoZ0fE8TczfGuNRTMij08qhBnAB6z2H9z0ymEzGuCjLGPthgghRkRr\\x22,\\x22version\\x22:3,\\x22domain\\x22:\\x22mysuits.app\\x22,\\x22ts\\x22:1731559738598}"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "hegazy.mysuits.app"] [uri "/"] [unique_id "Z209I2LrjUnVn6gKufn2ngAAAII"] [Thu Dec 26 13:25:23.599316 2024] [:error] [pid 12472:tid 139704464824064] [client 197.58.67.255:57517] [client 197.58.67.255] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75: {\\x22uuid\\x22:\\x221.70hfMXGnHHWlw422NGIF2Oho6PCjdvxIaBViv2JF15IihkRRtDvzRkE1kMxzQanoZ0fE8TczfGuNRTMij08qhBnAB6z2H9z0ymEzGuCjLGPthgghRkRr\\x22,\\x22version\\x22:3,\\x22domain\\x22:\\x22mysuits.app\\x22,\\x22ts\\x22:1731559738598}"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "hegazy.mysuits.app"] [uri "/favicon.ico"] [unique_id "Z209I2LrjUnVn6gKufn2nwAAAIM"], referer: https://hegazy.mysuits.app/ [Thu Dec 26 13:48:01.429836 2024] [:error] [pid 14922:tid 139704448038656] [client 197.58.67.255:57627] [client 197.58.67.255] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75: {\\x22uuid\\x22:\\x221.70hfMXGnHHWlw422NGIF2Oho6PCjdvxIaBViv2JF15IihkRRtDvzRkE1kMxzQanoZ0fE8TczfGuNRTMij08qhBnAB6z2H9z0ymEzGuCjLGPthgghRkRr\\x22,\\x22version\\x22:3,\\x22domain\\x22:\\x22mysuits.app\\x22,\\x22ts\\x22:1731559738598}"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "hegazy.mysuits.app"] [uri "/"] [unique_id "Z21CcWozzFpOMmUQdU2Y5QAAAIU"] [Thu Dec 26 13:48:01.567789 2024] [:error] [pid 14922:tid 139704431253248] [client 197.58.67.255:57627] [client 197.58.67.255] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within REQUEST_COOKIES:twk_uuid_666aee3b9a809f19fb3d3f75: {\\x22uuid\\x22:\\x221.70hfMXGnHHWlw422NGIF2Oho6PCjdvxIaBViv2JF15IihkRRtDvzRkE1kMxzQanoZ0fE8TczfGuNRTMij08qhBnAB6z2H9z0ymEzGuCjLGPthgghRkRr\\x22,\\x22version\\x22:3,\\x22domain\\x22:\\x22mysuits.app\\x22,\\x22ts\\x22:1731559738598}"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "hegazy.mysuits.app"] [uri "/favicon.ico"] [unique_id "Z21CcWozzFpOMmUQdU2Y5gAAAIc"], referer: https://hegazy.mysuits.app/ [Mon Jan 06 16:12:00.620924 2025] [:error] [pid 31413:tid 139995977336576] [client 156.204.166.49:1812] From github.com:mo-abouabda/my-suits-egypt, referer: https://hegazy.mysuits.app/admin/settings/upgrade-version [Mon Jan 06 16:12:00.621000 2025] [:error] [pid 31413:tid 139995977336576] [client 156.204.166.49:1812] * branch main -> FETCH_HEAD, referer: https://hegazy.mysuits.app/admin/settings/upgrade-version [Mon Jan 06 16:12:00.723392 2025] [:error] [pid 31413:tid 139995977336576] [client 156.204.166.49:1812] PHP Parse error: syntax error, unexpected 'class' (T_CLASS), expecting identifier (T_STRING) or variable (T_VARIABLE) or '{' or '$' in /home/mysuits/hegazy.mysuits.app/artisan on line 33, referer: https://hegazy.mysuits.app/admin/settings/upgrade-version [Sun Jan 19 00:54:19.183317 2025] [authz_core:error] [pid 847:tid 140008618948352] [client 206.81.24.227:49638] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Sun Jan 19 00:54:20.107198 2025] [authz_core:error] [pid 847:tid 140008543414016] [client 206.81.24.227:54606] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Sun Jan 19 08:11:37.662005 2025] [:error] [pid 3151:tid 139952281007872] [client 133.242.174.119:42368] Could not write to logfile: [Sun Jan 19 08:11:37.662041 2025] [:error] [pid 3151:tid 139952281007872] [client 133.242.174.119:42368] Printing message to stderr: [Sun Jan 19 08:11:37.662135 2025] [:error] [pid 3151:tid 139952281007872] [client 133.242.174.119:42368] [Sun Jan 19 08:11:37 2025] [info] Executing "/home/mysuits/hegazy.mysuits.app/public/index.php" as UID 1001, GID 1001 [Sun Jan 19 08:11:37.662140 2025] [:error] [pid 3151:tid 139952281007872] [client 133.242.174.119:42368] [Sun Jan 19 08:11:41.336149 2025] [:error] [pid 3151:tid 139952272615168] [client 133.242.174.119:42368] Could not write to logfile: [Sun Jan 19 08:11:41.336202 2025] [:error] [pid 3151:tid 139952272615168] [client 133.242.174.119:42368] Printing message to stderr: [Sun Jan 19 08:11:41.336313 2025] [:error] [pid 3151:tid 139952272615168] [client 133.242.174.119:42368] [Sun Jan 19 08:11:41 2025] [info] Executing "/home/mysuits/hegazy.mysuits.app/public/index.php" as UID 1001, GID 1001 [Sun Jan 19 08:11:41.336321 2025] [:error] [pid 3151:tid 139952272615168] [client 133.242.174.119:42368] [Sun Jan 19 13:43:33.228530 2025] [:error] [pid 5937:tid 139952537696000] [client 188.165.87.99:41649] Could not write to logfile: [Sun Jan 19 13:43:33.228571 2025] [:error] [pid 5937:tid 139952537696000] [client 188.165.87.99:41649] Printing message to stderr: [Sun Jan 19 13:43:33.228658 2025] [:error] [pid 5937:tid 139952537696000] [client 188.165.87.99:41649] [Sun Jan 19 13:43:33 2025] [info] Executing "/home/mysuits/hegazy.mysuits.app/public/index.php" as UID 1001, GID 1001 [Sun Jan 19 13:43:33.228662 2025] [:error] [pid 5937:tid 139952537696000] [client 188.165.87.99:41649] [Sun Jan 19 13:50:27.753083 2025] [:error] [pid 3151:tid 139952306185984] [client 217.182.186.38:42139] Could not write to logfile: [Sun Jan 19 13:50:27.753132 2[Thu Feb 13 05:56:16.770329 2025] [:error] [pid 2370:tid 139807342679808] [client 15.236.141.35:58546] [client 15.236.141.35] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|\\\\$_(?:(?:pos|ge)t|session))\\\\b" at ARGS:fw. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "233"] [id "958976"] [rev "2"] [msg "PHP Injection Attack"] [data "Matched Data: fwrite found within ARGS:fw: fwrite"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "hegazy.mysuits.app"] [uri "/wp-content/plugins/wp-ver.php"] [unique_id "Z61tYJQ90H5Zlpb8_kUgTgAAANA"], referer: www.google.com [Thu Feb 13 05:56:18.482918 2025] [:error] [pid 2370:tid 139807317501696] [client 15.236.141.35:62485] [client 15.236.141.35] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|\\\\$_(?:(?:pos|ge)t|session))\\\\b" at ARGS:fw. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "233"] [id "958976"] [rev "2"] [msg "PHP Injection Attack"] [data "Matched Data: fwrite found within ARGS:fw: fwrite"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "hegazy.mysuits.app"] [uri "/wp-content/plugins/wp-ver.php"] [unique_id "Z61tYpQ90H5Zlpb8_kUgTwAAANM"], referer: www.google.com [Wed Mar 19 00:55:51.216614 2025] [authz_core:error] [pid 7864:tid 140231051228928] [client 164.90.208.56:53286] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Wed Mar 19 00:55:55.937907 2025] [authz_core:error] [pid 7863:tid 140231202297600] [client 164.90.208.56:44424] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Tue May 06 11:14:24.528384 2025] [authz_host:error] [pid 29933:tid 140299644946176] [client 154.83.103.202:11398] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Tue May 06 11:14:24.528399 2025] [authz_core:error] [pid 29933:tid 140299644946176] [client 154.83.103.202:11398] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Fri May 09 00:57:55.058726 2025] [authz_host:error] [pid 18303:tid 140635617097472] [client 154.83.103.106:10022] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Fri May 09 00:57:55.058752 2025] [authz_core:error] [pid 18303:tid 140635617097472] [client 154.83.103.106:10022] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Sat May 17 12:31:25.369186 2025] [authz_core:error] [pid 24440:tid 140063060989696] [client 157.245.36.108:38294] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Sat May 17 12:31:25.470552 2025] [authz_core:error] [pid 24351:tid 140063258384128] [client 178.128.207.138:42744] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Sat May 17 12:31:25.545989 2025] [authz_core:error] [pid 24440:tid 140063027418880] [client 138.197.191.87:44680] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Sat May 17 12:31:26.443007 2025] [authz_core:error] [pid 24351:tid 140063161702144] [client 139.59.132.8:41888] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Sun May 18 08:26:06.215073 2025] [authz_host:error] [pid 26997:tid 140382180423424] [client 213.232.87.230:45233] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name [Sun May 18 08:26:06.215108 2025] [authz_core:error] [pid 26997:tid 140382180423424] [client 213.232.87.230:45233] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Mon May 19 22:55:20.556864 2025] [core:error] [pid 811:tid 140148406712064] [client 23.94.206.30:52900] AH00524: Handler for (null) returned invalid result code 70008 [Mon May 19 22:55:20.566112 2025] [core:error] [pid 899:tid 140148565796608] [client 23.94.206.30:52897] AH00524: Handler for (null) returned invalid result code 70008 [Mon May 19 23:08:48.379770 2025] [core:error] [pid 899:tid 140148314392320] [client 23.94.206.30:55419] AH00524: Handler for (null) returned invalid result code 70008 [Mon May 19 23:08:48.538864 2025] [core:error] [pid 810:tid 140148431890176] [client 23.94.206.30:55431] AH00524: Handler for (null) returned invalid result code 70008 [Wed May 21 15:53:52.466078 2025] [core:error] [pid 20776:tid 140535549388544] [client 134.122.160.214:60670] AH00524: Handler for (null) returned invalid result code 70008 [Wed May 21 15:53:52.474498 2025] [core:error] [pid 20685:tid 140535423497984] [client 134.122.160.214:60668] AH00524: Handler for (null) returned invalid result code 70008 [Wed May 21 20:09:41.934151 2025] [core:error] [pid 20685:tid 140535656187648] [client 124.198.131.177:53554] AH00524: Handler for (null) returned invalid result code 70008 [Wed May 21 20:09:41.949000 2025] [core:error] [pid 20684:tid 140535647794944] [client 124.198.131.177:53557] AH00524: Handler for (null) returned invalid result code 70008 [Thu Jul 17 00:55:17.007002 2025] [authz_core:error] [pid 22501:tid 140121845057280] [client 206.81.24.74:51468] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Thu Jul 17 04:08:26.984248 2025] [authz_core:error] [pid 18146:tid 140094643324672] [client 178.128.207.138:38536] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Thu Jul 17 04:08:27.668882 2025] [authz_core:error] [pid 18234:tid 140094643324672] [client 157.230.19.140:37948] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Tue Aug 12 22:40:47.659204 2025] [core:error] [pid 28811:tid 28822] [client 185.177.72.36:58106] AH10244: invalid URI path (/../../../../../../.aws/credentials) [Tue Aug 12 22:40:53.014582 2025] [core:error] [pid 28716:tid 28730] [client 185.177.72.36:18394] AH10244: invalid URI path (/../../../../../../config/config.php) [Tue Aug 12 22:41:00.464198 2025] [core:error] [pid 28811:tid 28830] [client 185.177.72.36:18400] AH10244: invalid URI path (/../../../../../../home/ubuntu/.env) [Tue Aug 12 22:41:00.783656 2025] [core:error] [pid 28779:tid 28791] [client 185.177.72.36:18402] AH10244: invalid URI path (/../../../../../../var/log/apache2/access.log) [Sun Aug 17 04:29:44.348261 2025] [core:error] [pid 17210:tid 17226] [client 185.177.72.55:18298] AH10244: invalid URI path (/../../../../../../.aws/credentials) [Sat Aug 30 11:39:51.414865 2025] [:error] [pid 984:tid 1065] [client 176.65.148.43:48612] Could not write to logfile: [Sat Aug 30 11:39:51.414910 2025] [:error] [pid 984:tid 1065] [client 176.65.148.43:48612] Printing message to stderr: [Sat Aug 30 11:39:51.414998 2025] [:error] [pid 984:tid 1065] [client 176.65.148.43:48612] [Sat Aug 30 11:39:51 2025] [info] Executing "/home/mysuits/hegazy.mysuits.app/public/index.php" as UID 1001, GID 1001 [Sat Aug 30 11:39:51.415002 2025] [:error] [pid 984:tid 1065] [client 176.65.148.43:48612] [Wed Sep 10 04:20:53.032552 2025] [core:error] [pid 5458:tid 5499] [client 20.171.207.43:53016] AH10244: invalid URI path (/themes/primary/js/%url%) [Sat Sep 13 00:55:57.045346 2025] [authz_core:error] [pid 25344:tid 25370] [client 209.38.248.17:55654] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Sat Sep 13 00:55:57.114407 2025] [authz_core:error] [pid 27028:tid 27092] [client 164.90.208.56:59792] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Sat Sep 13 05:21:34.831835 2025] [core:error] [pid 632:tid 740] [client 20.171.207.173:33314] AH10244: invalid URI path (/themes/primary/js/%url%) [Wed Sep 17 02:26:05.501332 2025] [core:error] [pid 22529:tid 22552] [client 18.205.240.81:53537] Script timed out before returning headers: index.php [Thu Oct 09 16:15:15.394287 2025] [:error] [pid 4321:tid 4376] [client 20.18.71.42:25458] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Mon Oct 13 23:07:39.992545 2025] [:error] [pid 29151:tid 29190] [client 52.169.206.229:10163] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Thu Oct 16 23:19:05.246406 2025] [:error] [pid 17032:tid 17058] [client 52.185.145.32:59188] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Sat Oct 25 09:08:47.706856 2025] [:error] [pid 8282:tid 8320] [client 172.190.142.176:63725] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Sat Oct 25 18:13:48.867231 2025] [core:error] [pid 8115:tid 8238] [client 20.171.207.244:37180] AH10244: invalid URI path (/themes/primary/js/%url%) [Sat Oct 25 18:15:05.844948 2025] [core:error] [pid 8281:tid 8287] [client 20.171.207.91:41604] AH10244: invalid URI path (/themes/primary/js/%url%) [Sat Nov 01 00:35:41.767217 2025] [core:error] [pid 17379:tid 17406] [client 196.251.88.64:37872] Script timed out before returning headers: index.php [Sat Nov 01 00:35:43.665451 2025] [core:error] [pid 17380:tid 17468] [client 196.251.88.64:42778] Script timed out before returning headers: index.php [Sat Nov 01 05:05:02.251716 2025] [core:error] [pid 352:tid 445] [client 74.7.227.104:46712] AH10244: invalid URI path (/themes/primary/js/%url%) [Sat Nov 01 05:11:49.692632 2025] [core:error] [pid 670:tid 695] [client 74.7.227.40:42814] AH10244: invalid URI path (/themes/primary/js/%url%) [Sun Nov 02 14:41:26.462158 2025] [:error] [pid 29504:tid 29562] [client 4.217.238.229:33889] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/dropdown.php [Wed Nov 05 23:20:07.150214 2025] [:error] [pid 18975:tid 18982] [client 40.113.19.56:8657] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Fri Nov 07 22:32:56.422683 2025] [:error] [pid 3825:tid 3838] [client 52.178.177.149:8029] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Fri Nov 07 22:32:59.994345 2025] [:error] [pid 3825:tid 3851] [client 52.178.177.149:8029] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/LA.php [Sun Nov 09 01:50:05.071592 2025] [:error] [pid 26898:tid 26925] [client 20.37.96.143:41014] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Tue Nov 11 00:54:22.165026 2025] [authz_core:error] [pid 7619:tid 7644] [client 188.166.108.93:60782] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Tue Nov 11 00:54:46.764692 2025] [authz_core:error] [pid 7619:tid 7647] [client 207.154.197.113:45414] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Wed Nov 12 21:21:27.324736 2025] [:error] [pid 6575:tid 6587] [client 4.217.221.186:63886] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/about.php [Thu Nov 13 00:54:09.932953 2025] [authz_core:error] [pid 9248:tid 9420] [client 159.65.18.197:44818] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Fri Nov 14 00:41:17.110436 2025] [core:error] [pid 5446:tid 5551] [client 35.232.110.116:36984] Script timed out before returning headers: index.php [Sat Nov 15 00:41:43.803994 2025] [core:error] [pid 31705:tid 31732] [client 205.210.31.212:59206] Script timed out before returning headers: index.php [Mon Dec 01 08:29:20.385654 2025] [:error] [pid 31546:tid 31560] [client 52.169.206.229:3020] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Tue Dec 09 18:41:01.421657 2025] [authz_core:error] [pid 8900:tid 9003] [client 157.245.36.108:35756] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Tue Dec 09 18:41:04.026964 2025] [authz_core:error] [pid 12415:tid 12454] [client 46.101.111.185:57248] AH01630: client denied by server configuration: /home/mysuits/hegazy.mysuits.app/public/server-status [Wed Dec 10 06:12:31.051848 2025] [:error] [pid 3564:tid 3600] [client 4.194.86.241:45803] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Wed Dec 10 13:52:00.985014 2025] [:error] [pid 8150:tid 8168] [client 68.218.17.107:27566] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/index.php [Wed Dec 10 13:52:37.128240 2025] [:error] [pid 8150:tid 8183] [client 68.218.17.107:27566] File does not exist: /usr/local/apache/autossl_tmp/.well-known/acme-challenge/13.php