One Hat Cyber Team

View File Name : server.envapress.org.error.log

[Sun May 25 17:53:29.392330 2025] [authz_core:error] [pid 25043:tid 139900305274624] [client 64.227.70.2:49022] AH01630: client denied by server configuration: /home/envapres/public_html/server-status
[Sun May 25 17:53:29.622321 2025] [:error] [pid 25146:tid 139900254918400] [client 64.227.70.2:49092] File does not exist: /home/envapres/public_html/info.php
[Sun May 25 17:53:30.202685 2025] [authz_core:error] [pid 25042:tid 139900238132992] [client 206.81.24.74:59840] AH01630: client denied by server configuration: /home/envapres/public_html/server-status
[Sun May 25 17:53:30.247434 2025] [authz_core:error] [pid 25146:tid 139900296881920] [client 64.226.65.160:56336] AH01630: client denied by server configuration: /home/envapres/public_html/server-status
[Sun May 25 17:53:30.581016 2025] [:error] [pid 25146:tid 139900221347584] [client 206.81.24.74:59914] File does not exist: /home/envapres/public_html/info.php
[Sun May 25 17:53:30.640659 2025] [authz_core:error] [pid 25146:tid 139900229740288] [client 164.90.208.56:42014] AH01630: client denied by server configuration: /home/envapres/public_html/server-status
[Sun May 25 17:53:30.750733 2025] [:error] [pid 25146:tid 139900196169472] [client 64.226.65.160:56404] File does not exist: /home/envapres/public_html/info.php
[Sun May 25 17:53:32.072678 2025] [:error] [pid 25041:tid 139900187776768] [client 164.90.208.56:42060] File does not exist: /home/envapres/public_html/info.php
[Mon May 26 21:09:58.085673 2025] [:error] [pid 7592:tid 140406423508736] [client 170.39.217.3:54664] File does not exist: /home/envapres/public_html/phpinfo.php
[Mon May 26 21:09:58.202385 2025] [:error] [pid 7591:tid 140406473864960] [client 170.39.217.3:52243] File does not exist: /home/envapres/public_html/info.php
[Tue May 27 01:49:00.910321 2025] [:error] [pid 7592:tid 140406586521344] [client 170.39.217.201:5800] File does not exist: /home/envapres/public_html/phpinfo.php
[Tue May 27 16:47:55.794730 2025] [:error] [pid 2089:tid 140628973287168] [client 185.177.72.204:29280] File does not exist: /home/envapres/public_html/phpinfo.php
[Tue May 27 16:47:55.800991 2025] [:error] [pid 2089:tid 140628897752832] [client 185.177.72.204:29280] File does not exist: /home/envapres/public_html/info.php
[Tue May 27 16:47:55.859185 2025] [authz_core:error] [pid 2089:tid 140629136766720] [client 185.177.72.204:29280] AH01630: client denied by server configuration: /home/envapres/public_html/.htpasswd
[Tue May 27 16:47:55.865423 2025] [authz_core:error] [pid 2089:tid 140629119981312] [client 185.177.72.204:29280] AH01630: client denied by server configuration: /home/envapres/public_html/.htaccess
[Tue May 27 16:47:55.884440 2025] [:error] [pid 2089:tid 140629145159424] [client 185.177.72.204:29280] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.server.envapress.org"] [uri "/db_backup.sql"] [unique_id "aDXCi6-FI5N3rxuWN1Jo1wAAAAE"]
[Tue May 27 16:47:55.890638 2025] [:error] [pid 2089:tid 140628939716352] [client 185.177.72.204:29280] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.server.envapress.org"] [uri "/dump.sql"] [unique_id "aDXCi6-FI5N3rxuWN1Jo2AAAABE"]
[Tue May 27 16:47:56.040785 2025] [:error] [pid 2089:tid 140629145159424] [client 185.177.72.204:29280] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.server.envapress.org"] [uri "/private.key"] [unique_id "aDXCjK-FI5N3rxuWN1Jo8AAAAAE"]
[Tue May 27 16:47:56.046995 2025] [:error] [pid 2089:tid 140628939716352] [client 185.177.72.204:29280] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.server.envapress.org"] [uri "/public.key"] [unique_id "aDXCjK-FI5N3rxuWN1Jo8QAAABE"]
[Tue May 27 16:47:56.122103 2025] [:error] [pid 2089:tid 140628922930944] [client 185.177.72.204:29280] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.server.envapress.org"] [uri "/var/log/nginx/access.log"] [unique_id "aDXCjK-FI5N3rxuWN1Jo_QAAABM"]
[Tue May 27 16:47:56.128344 2025] [:error] [pid 2089:tid 140628931323648] [client 185.177.72.204:29280] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.server.envapress.org"] [uri "/var/log/nginx/error.log"] [unique_id "aDXCjK-FI5N3rxuWN1Jo_gAAABI"]
[Tue May 27 16:47:56.134565 2025] [:error] [pid 2089:tid 140628880967424] [client 185.177.72.204:29280] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.server.envapress.org"] [uri "/var/log/apache2/access.log"] [unique_id "aDXCjK-FI5N3rxuWN1Jo_wAAABg"]
[Tue May 27 16:47:56.140824 2025] [:error] [pid 2089:tid 140628956501760] [client 185.177.72.204:29280] [client 185.177.72.204] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.server.envapress.org"] [uri "/var/log/apache2/error.log"] [unique_id "aDXCjK-FI5N3rxuWN1JpAAAAAA8"]
[Wed May 28 13:13:14.713952 2025] [:error] [pid 13266:tid 140613395605248] [client 185.177.72.201:11774] File does not exist: /home/envapres/public_html/phpinfo.php
[Wed May 28 13:13:14.720151 2025] [:error] [pid 13266:tid 140613496317696] [client 185.177.72.201:11774] File does not exist: /home/envapres/public_html/info.php
[Wed May 28 13:13:14.732736 2025] [:error] [pid 13266:tid 140613412390656] [client 185.177.72.201:11774] File does not exist: /home/envapres/public_html/server-info.php
[Wed May 28 13:13:14.761729 2025] [:error] [pid 13266:tid 140613538281216] [client 185.177.72.201:11774] File does not exist: /home/envapres/public_html/wp-config.php.bak
[Wed May 28 18:03:44.177965 2025] [:error] [pid 2765:tid 140613437568768] [client 185.177.72.201:27002] File does not exist: /home/envapres/public_html/phpinfo.php
[Wed May 28 18:03:44.184200 2025] [:error] [pid 2765:tid 140613445961472] [client 185.177.72.201:27002] File does not exist: /home/envapres/public_html/info.php
[Wed May 28 18:03:44.196680 2025] [:error] [pid 2765:tid 140613504710400] [client 185.177.72.201:27002] File does not exist: /home/envapres/public_html/server-info.php
[Wed May 28 18:03:44.223754 2025] [:error] [pid 2765:tid 140613429176064] [client 185.177.72.201:27002] File does not exist: /home/envapres/public_html/wp-config.php.bak
[Wed Jun 04 04:57:26.700488 2025] [:error] [pid 11181:tid 140249908852480] [client 89.187.164.79:50184] File does not exist: /home/envapres/public_html/phpinfo.php
[Wed Jun 04 04:57:27.248493 2025] [:error] [pid 11275:tid 140250103404288] [client 89.187.164.79:50116] File does not exist: /home/envapres/public_html/test.php
[Wed Jun 04 04:57:29.263119 2025] [:error] [pid 11180:tid 140249900459776] [client 89.187.164.79:50111] File does not exist: /home/envapres/public_html/index.php
[Fri Jun 13 08:36:22.536013 2025] [:error] [pid 28034:tid 139743312430848] [client 185.177.72.210:4072] File does not exist: /home/envapres/public_html/i.php
[Fri Jun 13 08:36:22.542270 2025] [:error] [pid 28034:tid 139743295645440] [client 185.177.72.210:4072] File does not exist: /home/envapres/public_html/info.php
[Fri Jun 13 08:36:22.554767 2025] [:error] [pid 28034:tid 139743371179776] [client 185.177.72.210:4072] File does not exist: /home/envapres/public_html/p.php
[Fri Jun 13 08:36:22.567315 2025] [:error] [pid 28034:tid 139743346001664] [client 185.177.72.210:4072] File does not exist: /home/envapres/public_html/phpinfo.php
[Sat Jun 14 05:09:46.801120 2025] [:error] [pid 29706:tid 139990918960896] [client 185.177.72.210:33064] File does not exist: /home/envapres/public_html/i.php
[Sat Jun 14 05:09:46.809353 2025] [:error] [pid 29706:tid 139990986102528] [client 185.177.72.210:33064] File does not exist: /home/envapres/public_html/info.php
[Sat Jun 14 05:09:46.830392 2025] [:error] [pid 29706:tid 139990902175488] [client 185.177.72.210:33064] File does not exist: /home/envapres/public_html/p.php
[Sat Jun 14 05:09:46.847021 2025] [:error] [pid 29706:tid 139991116482304] [client 185.177.72.210:33064] File does not exist: /home/envapres/public_html/phpinfo.php
[Mon Jun 23 22:56:08.831168 2025] [:error] [pid 1679:tid 140151535617792] [client 140.245.34.103:52232] File does not exist: /home/envapres/public_html/xmlrpc.php
[Mon Jun 30 04:30:02.699940 2025] [:error] [pid 21205:tid 140261795546880] [client 85.204.70.90:35304] File does not exist: /home/envapres/public_html/xmlrpc.php
[Mon Jul 07 10:24:02.041592 2025] [:error] [pid 19609:tid 140072154289920] [client 85.204.70.90:41856] File does not exist: /home/envapres/public_html/xmlrpc.php
[Sat Jul 12 06:57:03.103844 2025] [:error] [pid 17487:tid 140319744001792] [client 45.148.10.249:38620] File does not exist: /home/envapres/public_html/phpinfo.php
[Sat Jul 12 06:57:03.630838 2025] [:error] [pid 17589:tid 140319769179904] [client 45.148.10.249:38662] File does not exist: /home/envapres/public_html/php_info.php
[Thu Jul 24 00:54:58.655741 2025] [authz_core:error] [pid 18908:tid 140289956091648] [client 138.68.86.32:35932] AH01630: client denied by server configuration: /home/envapres/public_html/server-status
[Thu Jul 24 00:54:58.666784 2025] [authz_core:error] [pid 18908:tid 140289821808384] [client 139.59.132.8:48368] AH01630: client denied by server configuration: /home/envapres/public_html/server-status
[Thu Jul 24 00:54:58.981009 2025] [:error] [pid 18908:tid 140290006447872] [client 139.59.132.8:48440] File does not exist: /home/envapres/public_html/info.php
[Thu Jul 24 00:54:58.995043 2025] [:error] [pid 18805:tid 140289830201088] [client 138.68.86.32:35996] File does not exist: /home/envapres/public_html/info.php
[Thu Jul 24 00:54:59.159207 2025] [authz_core:error] [pid 18908:tid 140290093254400] [client 138.68.86.32:37242] AH01630: client denied by server configuration: /home/envapres/public_html/server-status
[Thu Jul 24 00:54:59.329192 2025] [authz_core:error] [pid 18806:tid 140290093254400] [client 139.59.132.8:59372] AH01630: client denied by server configuration: /home/envapres/public_html/server-status
[Thu Jul 24 00:54:59.632860 2025] [:error] [pid 18908:tid 140289998055168] [client 138.68.86.32:37320] File does not exist: /home/envapres/public_html/info.php
[Thu Jul 24 00:54:59.884029 2025] [:error] [pid 18807:tid 140289830201088] [client 139.59.132.8:36156] File does not exist: /home/envapres/public_html/info.php
[Thu Jul 24 01:35:45.123257 2025] [:error] [pid 18806:tid 140289964484352] [client 109.202.99.41:24353] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server.envapress.org"] [uri "/_vti_pvt/service.pwd"] [unique_id "aIFjwQ9ZSth7pLJQ514O1QAAAEc"]
[Thu Jul 24 01:35:45.345698 2025] [:error] [pid 32710:tid 140289964484352] [client 109.202.99.41:25439] File does not exist: /home/envapres/public_html/config.php
[Thu Jul 24 01:35:45.346091 2025] [:error] [pid 18807:tid 140289964484352] [client 109.202.99.41:61199] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server.envapress.org"] [uri "/etc/ssl/private/server.key"] [unique_id "aIFjwaZogFZdwYmvsA7bAQAAAIc"]
[Thu Jul 24 01:35:45.349603 2025] [:error] [pid 18805:tid 140289838593792] [client 109.202.99.41:61051] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server.envapress.org"] [uri "/.svn/wc.db"] [unique_id "aIFjwX5as4c3SxaDERqFcAAAABY"]
[Thu Jul 24 01:35:45.473110 2025] [:error] [pid 32685:tid 140289981269760] [client 109.202.99.41:12183] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server.envapress.org"] [uri "/dump.sql"] [unique_id "aIFjwe1qpp90OzDd9yCNRQAAAQU"]
[Thu Jul 24 01:35:45.473141 2025] [:error] [pid 32710:tid 140289922520832] [client 109.202.99.41:13613] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server.envapress.org"] [uri "/backup.sql"] [unique_id "aIFjwQeyFjUss-FHOeVYmAAAAYw"]
[Thu Jul 24 01:35:45.474738 2025] [:error] [pid 32710:tid 140290093254400] [client 109.202.99.41:54047] File does not exist: /home/envapres/public_html/phpinfo.php
[Thu Jul 24 01:35:45.474899 2025] [:error] [pid 32709:tid 140289989662464] [client 109.202.99.41:45813] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server.envapress.org"] [uri "/web.config"] [unique_id "aIFjwTUtqhZDO8iMx3hbNwAAAUQ"]
[Thu Jul 24 01:35:45.475334 2025] [:error] [pid 18806:tid 140290084861696] [client 109.202.99.41:18699] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server.envapress.org"] [uri "/database.sql"] [unique_id "aIFjwQ9ZSth7pLJQ514O1gAAAEE"]
[Thu Jul 24 01:35:45.475382 2025] [:error] [pid 18806:tid 140289880557312] [client 109.202.99.41:62277] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server.envapress.org"] [uri "/database_backup.sql"] [unique_id "aIFjwQ9ZSth7pLJQ514O1wAAAFE"]
[Thu Jul 24 01:35:45.478053 2025] [:error] [pid 32710:tid 140289914128128] [client 109.202.99.41:22607] File does not exist: /home/envapres/public_html/wp-config.php
[Thu Jul 24 01:35:45.485648 2025] [:error] [pid 32710:tid 140289989662464] [client 109.202.99.41:34783] [client 109.202.99.41] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server.envapress.org"] [uri "/server.key"] [unique_id "aIFjwQeyFjUss-FHOeVYnQAAAYQ"]
[Thu Jul 24 01:35:45.532912 2025] [authz_host:error] [pid 32709:tid 140289981269760] [client 109.202.99.41:3651] AH01753: access check of 'localhost' to /server-status failed, reason: unable to get the remote host name
[Thu Jul 24 01:35:45.532954 2025] [authz_core:error] [pid 32709:tid 140289981269760] [client 109.202.99.41:3651] AH01630: client denied by server configuration: /home/envapres/public_html/server-status
[Fri Jul 25 09:19:27.311702 2025] [:error] [pid 4860:tid 139664979633920] [client 213.209.143.116:50182] File does not exist: /home/envapres/public_html/config.php
[Fri Jul 25 09:19:27.864499 2025] [:error] [pid 4773:tid 139664878921472] [client 213.209.143.116:50208] [client 213.209.143.116] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.server.envapress.org"] [uri "/backup.sql"] [unique_id "aIMh704Y-nx8IAW5xFqGjgAAAJQ"]
[Fri Jul 25 09:19:28.198700 2025] [:error] [pid 4860:tid 139664870528768] [client 213.209.143.116:50210] [client 213.209.143.116] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.server.envapress.org"] [uri "/site.bak"] [unique_id "aIMh8BnWKAPX3H-zUxTbnAAAANU"]
[Sat Jul 26 03:19:15.109917 2025] [:error] [pid 4860:tid 139664929277696] [client 213.209.143.116:37332] File does not exist: /home/envapres/public_html/config.php
[Sat Jul 26 03:19:15.278135 2025] [:error] [pid 4860:tid 139664845350656] [client 213.209.143.116:37352] [client 213.209.143.116] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server.envapress.org"] [uri "/backup.sql"] [unique_id "aIQfAxnWKAPX3H-zUxQT8QAAANg"]
[Sat Jul 26 03:19:15.361688 2025] [:error] [pid 4771:tid 139665114949376] [client 213.209.143.116:37364] [client 213.209.143.116] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_30_http_policy.conf"] [line "88"] [id "960035"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server.envapress.org"] [uri "/site.bak"] [unique_id "aIQfA-_f9BoLr-vntvHJiwAAAAA"]
[Sun Jul 27 11:43:15.062739 2025] [:error] [pid 24537:tid 140578733926144] [client 165.22.250.175:56714] File does not exist: /home/envapres/public_html/xmlrpc.php
[Thu Jul 31 09:45:28.869743 2025] [:error] [pid 31039:tid 140191356385024] [client 198.144.182.13:55128] PHP Warning:  Undefined variable $tmp in /home/envapres/public_html/defauit.php on line 33, referer: https://www.google.com